openSUSE Security Update: Security update for radare2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2025:0072-1 Rating: moderate References: #1237250 Cross-References: CVE-2025-1378 CVSS scores: CVE-2025-1378 (SUSE): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for radare2 fixes the following issues: - CVE-2025-1378: Fixed memory corruption (boo#1237250) https://github.com/radareorg/radare2/releases/tag/5.9.0 Update to version 5.8.8: For details, check full release notes * Faster analysis, type matching, binary parsing (2-4x) * Add assembler for riscv and disassemblers for PDP11, Alpha64 and armv7.v35 * Improved integration with r2frida remote filesystems * Cleaning debugger for windows (32 and 64) and macOS makes it more reliable and stable * Better build scripts for Windows (add asan and w32 profiles) * AES key wrap algorithm support in rahash2 * Print and convert ternary values back and forth - Update to 4.5.0 * Fix build of the onefied shared lib * Enable asm.jmpsub by default * Fix m68k analysis issues * Fix infinite loop bug related to anal.nopskip Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2025-72=1 Package List: - openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64): radare2-5.9.8-bp156.4.6.1 radare2-devel-5.9.8-bp156.4.6.1 - openSUSE Backports SLE-15-SP6 (noarch): radare2-zsh-completion-5.9.8-bp156.4.6.1 References: https://www.suse.com/security/cve/CVE-2025-1378.html https://bugzilla.suse.com/1237250