Register | Log in

yara

Pattern matching swiss knife for malware researchers

Choose email to subscribe with

general

source: yara (main)
version: 3.9.0-1
maintainer: Debian Security Tools [DMD]
uploaders: Hilko Bengen [DMD]
arch: all any
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 3.1.0-2+deb8u1
old-bpo: 3.5.0+dfsg-9~bpo8+1
stable: 3.5.0+dfsg-9
stable-bpo: 3.8.1-2~bpo9+1
testing: 3.9.0-1
unstable: 3.9.0-1

versioned links

3.1.0-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.0+dfsg-9~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.0+dfsg-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.7.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.8.1-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.9.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libyara-dev
libyara3
yara
yara-doc

action needed

11 ignored security issues in jessie low

There are 11 open security issues in jessie.

11 issues skipped by the security teams:

CVE-2018-19974: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
CVE-2018-12034: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.
CVE-2017-8294: libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
CVE-2017-9304: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
CVE-2017-11328: Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
CVE-2018-19976: In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
CVE-2018-12035: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
CVE-2018-19975: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
CVE-2017-8929: The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
CVE-2017-9465: The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
CVE-2017-9438: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.

Please fix them.

Created: 2017-04-03 Last update: 2019-03-05 06:05

11 ignored security issues in stretch low

There are 11 open security issues in stretch.

11 issues skipped by the security teams:

CVE-2018-19974: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
CVE-2018-12034: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.
CVE-2017-8294: libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.
CVE-2017-9304: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
CVE-2017-11328: Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
CVE-2018-19976: In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
CVE-2018-12035: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
CVE-2018-19975: In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
CVE-2017-8929: The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
CVE-2017-9465: The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.
CVE-2017-9438: libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.

Please fix them.

Created: 2017-04-28 Last update: 2019-03-05 06:05

news

[2019-03-05] yara 3.9.0-1 MIGRATED to testing (Debian testing watch)
[2019-02-22] Accepted yara 3.9.0-1 (source) into unstable (Hilko Bengen)
[2018-12-27] Accepted yara 3.8.1-2~bpo9+1 (source) into stretch-backports (Hilko Bengen)
[2018-12-24] yara 3.8.1-2 MIGRATED to testing (Debian testing watch)
[2018-12-21] Accepted yara 3.8.1-2 (source) into unstable (Hilko Bengen)
[2018-08-22] Accepted yara 3.8.1-1~bpo9+1 (source) into stretch-backports (Hilko Bengen)
[2018-08-22] yara 3.8.1-1 MIGRATED to testing (Debian testing watch)
[2018-08-16] Accepted yara 3.8.1-1 (source) into unstable (Hilko Bengen)
[2018-08-15] yara 3.8.0-5 MIGRATED to testing (Debian testing watch)
[2018-08-09] Accepted yara 3.8.0-5 (source) into unstable (Hilko Bengen)
[2018-08-08] Accepted yara 3.8.0-4 (source) into unstable (Hilko Bengen)
[2018-08-07] Accepted yara 3.8.0-3 (source) into unstable (Hilko Bengen)
[2018-08-06] Accepted yara 3.8.0-2 (source) into unstable (Hilko Bengen)
[2018-08-06] Accepted yara 3.8.0-1 (source) into unstable (Hilko Bengen)
[2018-07-11] Accepted yara 3.7.1-3~bpo9+1 (source) into stretch-backports (Hilko Bengen)
[2018-06-22] yara 3.7.1-3 MIGRATED to testing (Debian testing watch)
[2018-06-17] Accepted yara 3.7.1-3 (source) into unstable (Hilko Bengen)
[2018-02-19] yara 3.7.1-2 MIGRATED to testing (Debian testing watch)
[2018-02-13] Accepted yara 3.7.1-2 (source) into unstable (Hilko Bengen)
[2018-01-21] yara 3.7.1-1 MIGRATED to testing (Debian testing watch)
[2018-01-16] Accepted yara 3.7.1-1 (source) into unstable (Hilko Bengen)
[2017-12-08] Accepted yara 3.7.0-5~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Hilko Bengen)
[2017-11-30] yara 3.7.0-5 MIGRATED to testing (Debian testing watch)
[2017-11-24] Accepted yara 3.7.0-5 (source) into unstable (Hilko Bengen)
[2017-11-20] Accepted yara 3.7.0-4 (source) into unstable (Hilko Bengen)
[2017-11-17] yara 3.7.0-3 MIGRATED to testing (Debian testing watch)
[2017-11-11] Accepted yara 3.7.0-3 (source) into unstable (Hilko Bengen)
[2017-11-10] Accepted yara 3.7.0-2 (source) into unstable (Hilko Bengen)
[2017-11-10] Accepted yara 3.7.0-1 (source) into unstable (Hilko Bengen)
[2017-07-12] yara 3.6.3+dfsg-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.8.1-2

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing