nasm 2.11.08-1ubuntu0.1 source package in Ubuntu

Changelog

nasm (2.11.08-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via heap use-after-free
    - debian/patches/CVE-2017-10686-1.patch: don't call free_mmacro in
      preproc.c.
    - debian/patches/CVE-2017-10686-2.patch: free token's text if only it
      has been modified in preproc.c.
    - CVE-2017-10686
  * SECURITY UPDATE: heap buffer overflow
    - debian/patches/CVE-2017-11111.patch: only concat tok->text if we
      accounted for its size in preproc.c.
    - CVE-2017-11111
  * SECURITY UPDATE: NULL pointer dereference in paste_tokens
    - debian/patches/CVE-2017-14228.patch: check length in preproc.c.
    - CVE-2017-14228
  * SECURITY UPDATE: DoS via macro calls with wrong number of arguments
    - debian/patches/CVE-2017-17810.patch: check arguments in preproc.c.
    - CVE-2017-17810
  * SECURITY UPDATE: DoS via heap over-read
    - debian/patches/CVE-2017-17812.patch: check for data to process in
      preproc.c.
    - CVE-2017-17812
  * SECURITY UPDATE: DoS via missing check
    - debian/patches/CVE-2017-17815.patch: don't leave nparam_max less than
      nparam_min in preproc.c.
    - CVE-2017-17815
  * SECURITY UPDATE: DoS via incorrect validation
    - debian/patches/CVE-2017-17819.patch: check for NULL pointer in
      preproc.c.
    - CVE-2017-17819
  * SECURITY UPDATE: heap-based overread
    - debian/patches/CVE-2018-8881.patch: handle unterminated strings in
      preproc.c.
    - CVE-2018-8881
  * The above patches also fix the following CVEs:
    - CVE-2017-17811
    - CVE-2017-17813
    - CVE-2017-17814
    - CVE-2017-17816
    - CVE-2017-17817
    - CVE-2017-17818
    - CVE-2017-17820

 -- Marc Deslauriers <email address hidden>  Thu, 28 Jun 2018 09:11:21 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2018-06-28
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates on 2018-06-28 universe devel
Xenial security on 2018-06-28 universe devel

Downloads

File Size SHA-256 Checksum
nasm_2.11.08.orig.tar.xz 746.9 KiB c99467c7072211c550d147640d8a1a0aa4d636d4d8cf849f3bf4317d900a1f7f
nasm_2.11.08-1ubuntu0.1.debian.tar.xz 17.5 KiB edabb000cf5897f130d65efda9d872e618b428f943d89a06c346c24b96a6c541
nasm_2.11.08-1ubuntu0.1.dsc 1.8 KiB f890d5795f11038731a40ce569ab51ce491f3d3de93534854c25b75345148492

View changes file

Binary packages built by this source

nasm: General-purpose x86 assembler

 Netwide Assembler. NASM will currently output flat-form binary files,
 a.out, COFF and ELF Unix object files, and Microsoft 16-bit DOS and
 Win32 object files.
 .
 Also included is NDISASM, a prototype x86 binary-file disassembler
 which uses the same instruction table as NASM.
 .
 NASM is released under the GNU Lesser General Public License (LGPL).

nasm-dbgsym: debug symbols for package nasm

 Netwide Assembler. NASM will currently output flat-form binary files,
 a.out, COFF and ELF Unix object files, and Microsoft 16-bit DOS and
 Win32 object files.
 .
 Also included is NDISASM, a prototype x86 binary-file disassembler
 which uses the same instruction table as NASM.
 .
 NASM is released under the GNU Lesser General Public License (LGPL).