UbuntuUpdates.org

Package "nasm"

Name: nasm

Description:

General-purpose x86 assembler
Latest version: 2.11.08-1ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: universe
Homepage: http://www.nasm.us/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "nasm"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "nasm" in Xenial

Repository Area Version
base universe 2.11.08-1
updates universe 2.11.08-1ubuntu0.1

Changelog

Version: 2.11.08-1ubuntu0.1 2018-06-28 20:06:52 UTC

  nasm (2.11.08-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via heap use-after-free
    - debian/patches/CVE-2017-10686-1.patch: don't call free_mmacro in
      preproc.c.
    - debian/patches/CVE-2017-10686-2.patch: free token's text if only it
      has been modified in preproc.c.
    - CVE-2017-10686
  * SECURITY UPDATE: heap buffer overflow
    - debian/patches/CVE-2017-11111.patch: only concat tok->text if we
      accounted for its size in preproc.c.
    - CVE-2017-11111
  * SECURITY UPDATE: NULL pointer dereference in paste_tokens
    - debian/patches/CVE-2017-14228.patch: check length in preproc.c.
    - CVE-2017-14228
  * SECURITY UPDATE: DoS via macro calls with wrong number of arguments
    - debian/patches/CVE-2017-17810.patch: check arguments in preproc.c.
    - CVE-2017-17810
  * SECURITY UPDATE: DoS via heap over-read
    - debian/patches/CVE-2017-17812.patch: check for data to process in
      preproc.c.
    - CVE-2017-17812
  * SECURITY UPDATE: DoS via missing check
    - debian/patches/CVE-2017-17815.patch: don't leave nparam_max less than
      nparam_min in preproc.c.
    - CVE-2017-17815
  * SECURITY UPDATE: DoS via incorrect validation
    - debian/patches/CVE-2017-17819.patch: check for NULL pointer in
      preproc.c.
    - CVE-2017-17819
  * SECURITY UPDATE: heap-based overread
    - debian/patches/CVE-2018-8881.patch: handle unterminated strings in
      preproc.c.
    - CVE-2018-8881
  * The above patches also fix the following CVEs:
    - CVE-2017-17811
    - CVE-2017-17813
    - CVE-2017-17814
    - CVE-2017-17816
    - CVE-2017-17817
    - CVE-2017-17818
    - CVE-2017-17820

 -- Marc Deslauriers <email address hidden> Thu, 28 Jun 2018 09:11:21 -0400
CVE-2017-10686 In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the to
CVE-2017-11111 In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash
CVE-2017-14228 In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference.
CVE-2017-17810 In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mi
CVE-2017-17812 In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denia
CVE-2017-17815 In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service at
CVE-2017-17819 In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of
CVE-2018-8881 Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.
CVE-2017-17811 In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in
CVE-2017-17813 In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of
CVE-2017-17814 In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-17816 In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-17817 In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-17818 In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loo
CVE-2017-17820 In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service att


About   -   Send Feedback to @ubuntu_updates