drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in YARA
| Name: |
Denial of Service in YARA |
|
| ID: |
USN-7177-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 22.04 LTS |
|
| Datum: |
Mi, 18. Dezember 2024, 23:24 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45429 |
|
| Applikationen: |
YARA |
|
Originalnachricht |
--===============5503222669164179630==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="hdxuulkk3hnpjn6h"
Content-Disposition: inline
--hdxuulkk3hnpjn6h
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-7177-1
December 18, 2024
yara vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
YARA could be made to crash if it received specially crafted
input.
Software Description:
- yara: Pattern matching swiss knife for malware researchers
Details:
It was discovered that YARA did not properly sanitize its
configuration settings. An attacker could potentially exploit this issue to
cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libyara8 4.1.3-1ubuntu0.1~esm1
Available with Ubuntu Pro
yara 4.1.3-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7177-1
CVE-2021-45429
--hdxuulkk3hnpjn6h
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAmdjII0ACgkQbUp5kL3i
zGZhAA//cEzPUVFkfMORFGW3s1HlcggJ5tdgMEnoMB3LDvOprIGcR3Pk6bkJj2EY
zDSlKIQ9jQcylLkNDuiYoK4/QYXujhWxVOB/L4I7e4500yoqI95u1wLy2jEbPvB8
TjHFKOIsogGubYkjB4lvZo+XzEeq3futis1/U1nmf/2tvy0w8IWCpiYRnpjnbqri
lzirta8a+fk36etXlw/w/LgkpV82UtlW4AtlTUm8K3zjT5RvLlG98KmojJnRyQl/
UYyMsS6ZtjBmjfOtYJMwFPhV4zm6GyLJ8IZDHIYht9fcAE/EGCjhI2Ly3ZknwqR/
AWkr4fj1IhndV9zE1XOIFDgI+flZiblrluFEjeVyjLchNIUgxRFIs8as8AUNhUKf
4WZAjpPPj10S5BDrRC9eZaCAgxhbDAuu8VrCgpwjeHlPXs9uzDg/qnpi0qbxqBx/
rRSiIvn/A60+wp0y8Rucc7F4TPoiYSYFOju3prWqfG9bxozlA54xczvVNAlUf1Pr
YD1NLQNY/DbQ+LCK9tMCjbWROVVOHYjVWbxSz2H7W6xgqYY0pccktyMenIfHFXay
oHOjV4VzqAiNYq1qQQfFQ7leKdtI2w3cntsYOLFrfmWqScXVXJ2qRP8SMVH234sD
sIzIvKMh9rEFzrIWXLfL+jVtfWPmXqflfkWL2Qg1D1n3pv45dAc=
=FRCp
-----END PGP SIGNATURE-----
--hdxuulkk3hnpjn6h--
--===============5503222669164179630==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--===============5503222669164179630==--
|
|
|
|
