Register | Log in

yara

Pattern matching swiss knife for malware researchers

Choose email to subscribe with

general

source: yara (main)
version: 4.0.1-1
maintainer: Debian Security Tools (DMD)
uploaders: Hilko Bengen [DMD]
arch: all any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.0-2+deb8u1
oldstable: 3.5.0+dfsg-9
old-bpo: 3.8.1-2~bpo9+1
stable: 3.9.0-1
testing: 3.11.0-4
unstable: 4.0.1-1

versioned links

3.1.0-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.0+dfsg-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.8.1-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.9.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.11.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.0.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libyara-dev
libyara4
yara
yara-doc

action needed

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2019-19648: In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.

Please fix it.

Created: 2019-12-09 Last update: 2020-05-16 23:00

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-19648: In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.

Please fix it.

Created: 2019-12-09 Last update: 2020-05-16 23:00

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2020-05-22 Last update: 2020-05-29 10:25

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2019-19648: In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.

Please fix it.

Created: 2019-12-09 Last update: 2020-05-16 23:00

12 ignored security issues in jessie low

There are 12 open security issues in jessie.

12 issues skipped by the security teams:

CVE-2017-8294: libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
CVE-2018-19976: In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
CVE-2017-9438: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
CVE-2017-11328: Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
CVE-2019-19648: In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
CVE-2018-19974: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
CVE-2018-19975: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
CVE-2017-9465: The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
CVE-2017-8929: The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
CVE-2017-9304: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
CVE-2018-12035: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
CVE-2018-12034: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.

Please fix them.

Created: 2017-04-03 Last update: 2020-05-16 23:00

12 ignored security issues in stretch low

There are 12 open security issues in stretch.

12 issues skipped by the security teams:

CVE-2017-8294: libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
CVE-2018-19976: In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
CVE-2017-9438: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.
CVE-2017-11328: Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
CVE-2019-19648: In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
CVE-2018-19974: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
CVE-2018-19975: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
CVE-2017-9465: The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
CVE-2017-8929: The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
CVE-2017-9304: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
CVE-2018-12035: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
CVE-2018-12034: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.

Please fix them.

Created: 2017-04-28 Last update: 2020-05-16 23:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.4.0).

Created: 2019-07-08 Last update: 2020-05-17 01:39

testing migrations

This package is part of the ongoing testing transition known as auto-yara. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migration status for yara (3.11.0-4 to 4.0.1-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- Not built on buildd: arch amd64 binaries uploaded by bengen
- Not built on buildd: arch all binaries uploaded by bengen, a new source-only upload is needed to allow migration
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/y/yara.html
- 12 days old (needed 5 days)
- Not considered

news

[2020-05-16] Accepted yara 4.0.1-1 (source amd64 all) into unstable (Hilko Bengen)
[2020-05-05] yara 3.11.0-4 MIGRATED to testing (Debian testing watch)
[2020-04-30] Accepted yara 4.0.0-2 (source) into experimental (Hilko Bengen)
[2020-04-29] Accepted yara 3.11.0-4 (source) into unstable (Hilko Bengen)
[2020-04-29] Accepted yara 4.0.0-1 (source) into experimental (Hilko Bengen)
[2020-04-29] Accepted yara 3.11.0-3 (source) into unstable (Hilko Bengen)
[2020-04-05] Accepted yara 4.0.0~rc3-3 (source) into experimental (Hilko Bengen)
[2020-04-04] Accepted yara 4.0.0~rc3-2 (source) into experimental (Hilko Bengen)
[2020-04-02] Accepted yara 4.0.0~rc3-1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Hilko Bengen)
[2019-10-18] yara 3.11.0-2 MIGRATED to testing (Debian testing watch)
[2019-10-13] Accepted yara 3.11.0-2 (source) into unstable (Hilko Bengen)
[2019-10-10] Accepted yara 3.11.0-1 (source) into unstable (Hilko Bengen)
[2019-09-20] yara 3.10.0-2 MIGRATED to testing (Debian testing watch)
[2019-06-07] Accepted yara 3.10.0-2 (source) into unstable (Hilko Bengen)
[2019-05-03] Accepted yara 3.10.0-1 (source) into unstable (Hilko Bengen)
[2019-03-05] yara 3.9.0-1 MIGRATED to testing (Debian testing watch)
[2019-02-22] Accepted yara 3.9.0-1 (source) into unstable (Hilko Bengen)
[2018-12-27] Accepted yara 3.8.1-2~bpo9+1 (source) into stretch-backports (Hilko Bengen)
[2018-12-24] yara 3.8.1-2 MIGRATED to testing (Debian testing watch)
[2018-12-21] Accepted yara 3.8.1-2 (source) into unstable (Hilko Bengen)
[2018-08-22] Accepted yara 3.8.1-1~bpo9+1 (source) into stretch-backports (Hilko Bengen)
[2018-08-22] yara 3.8.1-1 MIGRATED to testing (Debian testing watch)
[2018-08-16] Accepted yara 3.8.1-1 (source) into unstable (Hilko Bengen)
[2018-08-15] yara 3.8.0-5 MIGRATED to testing (Debian testing watch)
[2018-08-09] Accepted yara 3.8.0-5 (source) into unstable (Hilko Bengen)
[2018-08-08] Accepted yara 3.8.0-4 (source) into unstable (Hilko Bengen)
[2018-08-07] Accepted yara 3.8.0-3 (source) into unstable (Hilko Bengen)
[2018-08-06] Accepted yara 3.8.0-2 (source) into unstable (Hilko Bengen)
[2018-08-06] Accepted yara 3.8.0-1 (source) into unstable (Hilko Bengen)
[2018-07-11] Accepted yara 3.7.1-3~bpo9+1 (source) into stretch-backports (Hilko Bengen)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.11.0-4

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing