Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 623
Alerts This Week
Warning Icon 1 623

Ubuntu 22.04 LTS USN-7177-1: YARA Denial of Service Issue

ubuntu
Calendar Grey December 18, 2024
Dist Ubuntu Esm H88
The Ubuntu Security Announcement USN-7178-1 addresses a vulnerability in Bind that impacts LTS releases, providing users with secure measures to rectify the issue.
YARA could be made to crash if it received specially crafted input.

Summary

YARA could be made to crash if it received specially crafted

input.

Software Description:

- yara: Pattern matching swiss knife for malware researchers

Details:

It was discovered that YARA did not properly sanitize its

configuration settings. An attacker could potentially exploit this issue to

cause a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  libyara8                        4.1.3-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  yara                            4.1.3-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7177-1

CVE-2021-45429

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7177-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.