Register | Log in

yara

Pattern matching swiss knife for malware researchers

Choose email to subscribe with

general

source: yara (main)
version: 3.8.1-2
maintainer: Debian Security Tools [DMD]
uploaders: Hilko Bengen [DMD]
arch: all any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-bpo: 3.1.0-2~bpo70+1
oldstable: 3.1.0-2+deb8u1
old-bpo: 3.5.0+dfsg-9~bpo8+1
stable: 3.5.0+dfsg-9
stable-bpo: 3.8.1-2~bpo9+1
testing: 3.8.1-2
unstable: 3.8.1-2

versioned links

3.1.0-2~bpo70+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.0-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.0+dfsg-9~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.0+dfsg-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.7.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.8.1-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.8.1-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.8.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libyara-dev
libyara3
yara
yara-doc

action needed

11 ignored security issues in stretch low

There are 11 open security issues in stretch.

11 issues skipped by the security teams:

CVE-2017-11328: Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
CVE-2018-19976: In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
CVE-2017-9438: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
CVE-2017-9465: The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
CVE-2017-8294: libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
CVE-2017-8929: The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
CVE-2018-19974: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
CVE-2018-12034: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.
CVE-2018-12035: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
CVE-2018-19975: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
CVE-2017-9304: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.

Please fix them.

Created: 2017-04-28 Last update: 2019-01-06 06:20

11 ignored security issues in jessie low

There are 11 open security issues in jessie.

11 issues skipped by the security teams:

CVE-2017-11328: Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
CVE-2018-19976: In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
CVE-2017-9438: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
CVE-2017-9465: The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
CVE-2017-8294: libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
CVE-2017-8929: The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
CVE-2018-19974: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
CVE-2018-12034: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.
CVE-2018-12035: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
CVE-2018-19975: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
CVE-2017-9304: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.

Please fix them.

Created: 2017-04-03 Last update: 2019-01-06 06:20

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2018-12-23 17:14

news

[2018-12-27] Accepted yara 3.8.1-2~bpo9+1 (source) into stretch-backports (Hilko Bengen)
[2018-12-24] yara 3.8.1-2 MIGRATED to testing (Debian testing watch)
[2018-12-21] Accepted yara 3.8.1-2 (source) into unstable (Hilko Bengen)
[2018-08-22] Accepted yara 3.8.1-1~bpo9+1 (source) into stretch-backports (Hilko Bengen)
[2018-08-22] yara 3.8.1-1 MIGRATED to testing (Debian testing watch)
[2018-08-16] Accepted yara 3.8.1-1 (source) into unstable (Hilko Bengen)
[2018-08-15] yara 3.8.0-5 MIGRATED to testing (Debian testing watch)
[2018-08-09] Accepted yara 3.8.0-5 (source) into unstable (Hilko Bengen)
[2018-08-08] Accepted yara 3.8.0-4 (source) into unstable (Hilko Bengen)
[2018-08-07] Accepted yara 3.8.0-3 (source) into unstable (Hilko Bengen)
[2018-08-06] Accepted yara 3.8.0-2 (source) into unstable (Hilko Bengen)
[2018-08-06] Accepted yara 3.8.0-1 (source) into unstable (Hilko Bengen)
[2018-07-11] Accepted yara 3.7.1-3~bpo9+1 (source) into stretch-backports (Hilko Bengen)
[2018-06-22] yara 3.7.1-3 MIGRATED to testing (Debian testing watch)
[2018-06-17] Accepted yara 3.7.1-3 (source) into unstable (Hilko Bengen)
[2018-02-19] yara 3.7.1-2 MIGRATED to testing (Debian testing watch)
[2018-02-13] Accepted yara 3.7.1-2 (source) into unstable (Hilko Bengen)
[2018-01-21] yara 3.7.1-1 MIGRATED to testing (Debian testing watch)
[2018-01-16] Accepted yara 3.7.1-1 (source) into unstable (Hilko Bengen)
[2017-12-08] Accepted yara 3.7.0-5~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Hilko Bengen)
[2017-11-30] yara 3.7.0-5 MIGRATED to testing (Debian testing watch)
[2017-11-24] Accepted yara 3.7.0-5 (source) into unstable (Hilko Bengen)
[2017-11-20] Accepted yara 3.7.0-4 (source) into unstable (Hilko Bengen)
[2017-11-17] yara 3.7.0-3 MIGRATED to testing (Debian testing watch)
[2017-11-11] Accepted yara 3.7.0-3 (source) into unstable (Hilko Bengen)
[2017-11-10] Accepted yara 3.7.0-2 (source) into unstable (Hilko Bengen)
[2017-11-10] Accepted yara 3.7.0-1 (source) into unstable (Hilko Bengen)
[2017-07-12] yara 3.6.3+dfsg-1 MIGRATED to testing (Debian testing watch)
[2017-07-06] Accepted yara 3.6.3+dfsg-1 (source) into unstable (Hilko Bengen)
[2017-07-06] yara 3.6.2+dfsg-4 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.8.1-2

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing