[Bug 1039012] VUL-0: CVE-2017-8929: yara: denial of service (use-after-free and application crash) via a crafted rule (sized_string_cmp func in libyara/sizedstr.c)
http://bugzilla.novell.com/show_bug.cgi?id=1039012

http://bugzilla.novell.com/show_bug.cgi?id=1039012#c2

Greg Freemyer <Greg.Freemyer@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CONFIRMED

--- Comment #2 from Greg Freemyer <Greg.Freemyer@gmail.com> ---
This CVE was addressed in Yara v3.6.0.

v3.6.1 is available in security:forensics and has been submitted to factory and should be in Leap 42.3.

It is recommended users of Yara use the security:forensics package. It is unlikely this CVE will be addressed in Leap 42.2.