Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 464
Alerts This Week
Warning Icon 1 464

Fedora 24: Security Fix for Yara Critical Buffer Over-Read

fedora
Calendar Grey July 12, 2017
Dist Fedora Esm H88
Investigate the Fedora 24 Yara security patch addressing severe buffer over-read vulnerabilities and additional enhancements in malware identification utilities.
Security fix for CVE-2017-9304, CVE-2017-9465

Summary

YARA is a tool aimed at (but not limited to) helping malware researchers to

identify and classify malware samples. With YARA you can create descriptions

of malware families (or whatever you want to describe) based on textual or

binary patterns. Each description, a.k.a rule, consists of a set of strings

and a Boolean expression which determine its logic.

Security fix for CVE-2017-9304, CVE-2017-9465

[ 1 ] Bug #1459490 - CVE-2017-9465 yara: Buffer over-read in yr_arena_write_data function

https://bugzilla.redhat.com/show_bug.cgi?id=1459490

su -c 'dnf upgrade yara' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 24
Version: 3.6.2
Release: 1.fc24
Summary: Pattern matching Swiss knife for malware researchers

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.