Register | Log in

yara

Pattern matching swiss knife for malware researchers

Choose email to subscribe with

general

source: yara (main)
version: 4.0.2-1
maintainer: Debian Security Tools (DMD)
uploaders: Hilko Bengen [DMD]
arch: all any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.0-2+deb8u1
oldstable: 3.5.0+dfsg-9
old-bpo: 3.8.1-2~bpo9+1
stable: 3.9.0-1
testing: 4.0.2-1
unstable: 4.0.2-1

versioned links

3.1.0-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.0+dfsg-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.8.1-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.9.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.0.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libyara-dev
libyara4
yara
yara-doc

action needed

lintian reports 21 errors and 22 warnings high

Lintian reports 21 errors and 22 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-08-22 Last update: 2020-09-21 06:04

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-19648: In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.

Please fix it.

Created: 2019-12-09 Last update: 2020-08-07 06:08

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2019-19648: In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.

Please fix it.

Created: 2019-12-09 Last update: 2020-08-07 06:08

12 ignored security issues in stretch low

There are 12 open security issues in stretch.

12 issues skipped by the security teams:

CVE-2017-11328: Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
CVE-2017-8294: libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
CVE-2017-8929: The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
CVE-2017-9304: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
CVE-2017-9438: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
CVE-2017-9465: The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
CVE-2018-12034: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.
CVE-2018-12035: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
CVE-2018-19974: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
CVE-2018-19975: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
CVE-2018-19976: In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
CVE-2019-19648: In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.

Please fix them.

Created: 2017-04-28 Last update: 2020-08-07 06:08

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2019-19648: In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.

Please fix it.

Created: 2019-12-09 Last update: 2020-08-07 06:08

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.4.0).

Created: 2019-07-08 Last update: 2020-06-27 16:35

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[2020-07-02] yara 4.0.2-1 MIGRATED to testing (Debian testing watch)
[2020-06-27] Accepted yara 4.0.2-1 (source) into unstable (Hilko Bengen)
[2020-06-01] yara 4.0.1-2 MIGRATED to testing (Debian testing watch)
[2020-05-30] Accepted yara 4.0.1-2 (source) into unstable (Hilko Bengen)
[2020-05-16] Accepted yara 4.0.1-1 (source amd64 all) into unstable (Hilko Bengen)
[2020-05-05] yara 3.11.0-4 MIGRATED to testing (Debian testing watch)
[2020-04-30] Accepted yara 4.0.0-2 (source) into experimental (Hilko Bengen)
[2020-04-29] Accepted yara 3.11.0-4 (source) into unstable (Hilko Bengen)
[2020-04-29] Accepted yara 4.0.0-1 (source) into experimental (Hilko Bengen)
[2020-04-29] Accepted yara 3.11.0-3 (source) into unstable (Hilko Bengen)
[2020-04-05] Accepted yara 4.0.0~rc3-3 (source) into experimental (Hilko Bengen)
[2020-04-04] Accepted yara 4.0.0~rc3-2 (source) into experimental (Hilko Bengen)
[2020-04-02] Accepted yara 4.0.0~rc3-1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Hilko Bengen)
[2019-10-18] yara 3.11.0-2 MIGRATED to testing (Debian testing watch)
[2019-10-13] Accepted yara 3.11.0-2 (source) into unstable (Hilko Bengen)
[2019-10-10] Accepted yara 3.11.0-1 (source) into unstable (Hilko Bengen)
[2019-09-20] yara 3.10.0-2 MIGRATED to testing (Debian testing watch)
[2019-06-07] Accepted yara 3.10.0-2 (source) into unstable (Hilko Bengen)
[2019-05-03] Accepted yara 3.10.0-1 (source) into unstable (Hilko Bengen)
[2019-03-05] yara 3.9.0-1 MIGRATED to testing (Debian testing watch)
[2019-02-22] Accepted yara 3.9.0-1 (source) into unstable (Hilko Bengen)
[2018-12-27] Accepted yara 3.8.1-2~bpo9+1 (source) into stretch-backports (Hilko Bengen)
[2018-12-24] yara 3.8.1-2 MIGRATED to testing (Debian testing watch)
[2018-12-21] Accepted yara 3.8.1-2 (source) into unstable (Hilko Bengen)
[2018-08-22] Accepted yara 3.8.1-1~bpo9+1 (source) into stretch-backports (Hilko Bengen)
[2018-08-22] yara 3.8.1-1 MIGRATED to testing (Debian testing watch)
[2018-08-16] Accepted yara 3.8.1-1 (source) into unstable (Hilko Bengen)
[2018-08-15] yara 3.8.0-5 MIGRATED to testing (Debian testing watch)
[2018-08-09] Accepted yara 3.8.0-5 (source) into unstable (Hilko Bengen)
[2018-08-08] Accepted yara 3.8.0-4 (source) into unstable (Hilko Bengen)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian (21, 22)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.0.2-1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing