Packages
- yara - The pattern matching swiss knife for malware researchers
Details
Kamil Frankowicz discovered that a number of YARA's functions
generated memory exceptions when processing specially crafted
rules or files. A remote attacker could possibly use these
issues to cause YARA to crash, resulting in a denial of
service. These issues only affected Ubuntu 16.04 LTS.
(CVE-2016-10211, CVE-2017-5923, CVE-2017-5924, CVE-2017-8294,
CVE-2017-8929, CVE-2017-9304, CVE-2017-9438, CVE-2017-9465)

Jurriaan Bremer discovered that YARA's yr_object_array_set_limit()
function could result in a heap buffer overflow when scanning
specially crafted .NET files. A remote attacker could possibly use
this issue to cause YARA to crash, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11328)

It was discovered that YARA's yr_execute_code() function could
cause an out-of-bounds read or write when parsing specially crafted
compiled rule files. A remote attacker could possibly use these
issues to cause YARA to crash, resulting in a denial of service.
These issues only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2018-12034, CVE-2018-12035)

It was discovered that YARA's virtual machine could be escaped in
certain instances. A remote attacker could possibly use these issues
to execute arbitrary code. These issues only affected Ubuntu 16.04
LTS and Ubuntu 18.04 LTS. (CVE-2018-19974, CVE-2018-19975,
CVE-2018-19976)

It was discovered that YARA's macho_parse_file() function would
generate an out-of-bounds memory access error when parsing a
specially crafted Mach-O file. A remote attacker could possibly use
this issue to cause YARA to crash, resulting in a denial of service,
or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS.
(CVE-2019-19648)

It was discovered that YARA's macho.c implementation contained several
overflow reads, which could be triggered when parsing specially
crafted Mach-O files. A remote attacker could possibly use this issue
to cause YARA to crash, resulting in a denial of service, or to learn
sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-3402)

It was discovered that YARA's yr_set_configuration() function could
trigger a buffer overflow when parsing specially crafted rules. A
remote attacker could possibly use this issue to cause YARA to crash,
resulting in a denial of service. This issue only affected Ubuntu
18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-45429)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version |
|---|---|
| 20.04 LTS focal | libyara3 – 3.9.0-1ubuntu0.1~esm1 |
| 20.04 LTS focal | yara – 3.9.0-1ubuntu0.1~esm1 |
| 18.04 LTS bionic | libyara3 – 3.7.1-1ubuntu2+esm1 |
| 18.04 LTS bionic | yara – 3.7.1-1ubuntu2+esm1 |
| 16.04 LTS xenial | libyara3 – 3.4.0+dfsg-2ubuntu0.1~esm1 |
| 16.04 LTS xenial | python-yara – 3.4.0+dfsg-2ubuntu0.1~esm1 |
| 16.04 LTS xenial | python3-yara – 3.4.0+dfsg-2ubuntu0.1~esm1 |
| 16.04 LTS xenial | yara – 3.4.0+dfsg-2ubuntu0.1~esm1 |
References
- CVE-2021-45429
- CVE-2021-3402
- CVE-2019-19648
- CVE-2018-19976
- CVE-2018-19975
- CVE-2018-19974
- CVE-2018-12035
- CVE-2018-12034
- CVE-2017-9465
- CVE-2017-9438
- CVE-2017-9304
- CVE-2017-8929
- CVE-2017-8294
- CVE-2017-5924
- CVE-2017-5923
- CVE-2017-11328
- CVE-2016-10211