nasm 2.10.09-1ubuntu0.1 source package in Ubuntu
Changelog
nasm (2.10.09-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: code execution via heap use-after-free
- debian/patches/CVE-2017-10686-1.patch: don't call free_mmacro in
preproc.c.
- debian/patches/CVE-2017-10686-2.patch: free token's text if only it
has been modified in preproc.c.
- CVE-2017-10686
* SECURITY UPDATE: heap buffer overflow
- debian/patches/CVE-2017-11111.patch: only concat tok->text if we
accounted for its size in preproc.c.
- CVE-2017-11111
* SECURITY UPDATE: NULL pointer dereference in paste_tokens
- debian/patches/CVE-2017-14228.patch: check length in preproc.c.
- CVE-2017-14228
* SECURITY UPDATE: DoS via macro calls with wrong number of arguments
- debian/patches/CVE-2017-17810.patch: check arguments in preproc.c.
- CVE-2017-17810
* SECURITY UPDATE: DoS via heap over-read
- debian/patches/CVE-2017-17812.patch: check for data to process in
preproc.c.
- CVE-2017-17812
* SECURITY UPDATE: DoS via missing check
- debian/patches/CVE-2017-17815.patch: don't leave nparam_max less than
nparam_min in preproc.c.
- CVE-2017-17815
* SECURITY UPDATE: DoS via incorrect validation
- debian/patches/CVE-2017-17819.patch: check for NULL pointer in
preproc.c.
- CVE-2017-17819
* SECURITY UPDATE: heap-based overread
- debian/patches/CVE-2018-8881.patch: handle unterminated strings in
preproc.c.
- CVE-2018-8881
* The above patches also fix the following CVEs:
- CVE-2017-17811
- CVE-2017-17813
- CVE-2017-17814
- CVE-2017-17816
- CVE-2017-17817
- CVE-2017-17818
- CVE-2017-17820
-- Marc Deslauriers <email address hidden> Thu, 28 Jun 2018 09:15:32 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Trusty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- devel
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Trusty | updates | main | devel | |
| Trusty | security | main | devel |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| nasm_2.10.09.orig.tar.xz | 670.3 KiB | 9ffd9f910c783ee798cf2986cec01ebeeb01ba0ecacef64d2d4bea927c41fbf2 |
| nasm_2.10.09-1ubuntu0.1.debian.tar.bz2 | 18.2 KiB | ca71724f9a0f8136111492d524e571cca9c90a1b0c0ae05660c62b302827cf59 |
| nasm_2.10.09-1ubuntu0.1.dsc | 1.8 KiB | 7e559ed51e2df46252271aca351bfa69353c3b39aeac544af67d70119c9a5f03 |
Available diffs
Binary packages built by this source
- nasm: General-purpose x86 assembler
Netwide Assembler. NASM will currently output flat-form binary files,
a.out, COFF and ELF Unix object files, and Microsoft 16-bit DOS and
Win32 object files.
.
Also included is NDISASM, a prototype x86 binary-file disassembler
which uses the same instruction table as NASM.
.
NASM is released under the GNU Lesser General Public License (LGPL).
- nasm-dbgsym: debug symbols for package nasm
Netwide Assembler. NASM will currently output flat-form binary files,
a.out, COFF and ELF Unix object files, and Microsoft 16-bit DOS and
Win32 object files.
.
Also included is NDISASM, a prototype x86 binary-file disassembler
which uses the same instruction table as NASM.
.
NASM is released under the GNU Lesser General Public License (LGPL).
