==========================================================================
Ubuntu Security Notice USN-8080-1
March 09, 2026
yara vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in YARA.

Software Description:
- yara: The pattern matching swiss knife for malware researchers

Details:

Kamil Frankowicz discovered that a number of YARA's functions
generated memory exceptions when processing specially crafted
rules or files. A remote attacker could possibly use these
issues to cause YARA to crash, resulting in a denial of
service. These issues only affected Ubuntu 16.04 LTS.
(CVE-2016-10211, CVE-2017-5923, CVE-2017-5924, CVE-2017-8294,
CVE-2017-8929, CVE-2017-9304, CVE-2017-9438, CVE-2017-9465)

Jurriaan Bremer discovered that YARA's yr_object_array_set_limit()
function could result in a heap buffer overflow when scanning
specially crafted .NET files. A remote attacker could possibly use
this issue to cause YARA to crash, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11328)

It was discovered that YARA's yr_execute_code() function could
cause an out-of-bounds read or write when parsing specially crafted
compiled rule files. A remote attacker could possibly use these
issues to cause YARA to crash, resulting in a denial of service.
These issues only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2018-12034, CVE-2018-12035)

It was discovered that YARA's virtual machine could be escaped in
certain instances. A remote attacker could possibly use these issues
to execute arbitrary code. These issues only affected Ubuntu 16.04
LTS and Ubuntu 18.04 LTS. (CVE-2018-19974, CVE-2018-19975,
CVE-2018-19976)

It was discovered that YARA's macho_parse_file() function would
generate an out-of-bounds memory access error when parsing a
specially crafted Mach-O file. A remote attacker could possibly use
this issue to cause YARA to crash, resulting in a denial of service,
or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS.
(CVE-2019-19648)

It was discovered that YARA's macho.c implementation contained several
overflow reads, which could be triggered when parsing specially
crafted Mach-O files. A remote attacker could possibly use this issue
to cause YARA to crash, resulting in a denial of service, or to learn
sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-3402)

It was discovered that YARA's yr_set_configuration() function could
trigger a buffer overflow when parsing specially crafted rules. A
remote attacker could possibly use this issue to cause YARA to crash,
resulting in a denial of service. This issue only affected Ubuntu
18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-45429)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libyara3                        3.9.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  yara                            3.9.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libyara3                        3.7.1-1ubuntu2+esm1
                                  Available with Ubuntu Pro
  yara                            3.7.1-1ubuntu2+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libyara3                        3.4.0+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python-yara                     3.4.0+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-yara                    3.4.0+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  yara                            3.4.0+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8080-1
  CVE-2016-10211, CVE-2017-11328, CVE-2017-5923, CVE-2017-5924,
  CVE-2017-8294, CVE-2017-8929, CVE-2017-9304, CVE-2017-9438,
  CVE-2017-9465, CVE-2018-12034, CVE-2018-12035, CVE-2018-19974,
  CVE-2018-19975, CVE-2018-19976, CVE-2019-19648, CVE-2021-3402,
  CVE-2021-45429