{"id":"MGASA-2018-0129","summary":"Updated nasm packages fix security vulnerabilities","details":"This update provides nasm 2.13.03 and fixes the following security issues:\n\nIn Netwide Assembler (NASM) 2.14rc0, there is a \"SEGV on unknown address\"\nthat will cause a remote denial of service attack, because asm/preproc.c\nmishandles macro calls that have the wrong number of arguments.\n\nIn Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow\nthat will cause a remote denial of service attack, related to a strcpy in\npaste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.\n\nIn Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read\nin the function detoken() in asm/preproc.c that will cause a remote denial\nof service attack.\n\nIn Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the\npp_list_one_macro function in asm/preproc.c that will cause a remote denial\nof service attack, related to mishandling of line-syntax errors.\n\nIn Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in\ndo_directive in asm/preproc.c that will cause a remote denial of service\nattack.\n\nIn Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in\nis_mmacro() in asm/preproc.c that will cause a remote denial of service\nattack, because of a missing check for the relationship between minimum\nand maximum parameter counts.\n\nIn Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in\npp_getline in asm/preproc.c that will cause a remote denial of service\nattack.\n\nIn Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in\npp_verror in asm/preproc.c that will cause a remote denial of service\nattack.\n\nIn Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read\nthat will cause a remote denial of service attack, related to a while loop\nin paste_tokens in asm/preproc.c.\n\nIn Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in\nthe function find_cc() in asm/preproc.c that will cause a remote denial of\nservice attack, because pointers associated with skip_white_ calls are not\nvalidated.\n\nIn Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in\npp_list_one_macro in asm/preproc.c that will lead to a remote denial of\nservice attack, related to mishandling of operand-type errors.\n","modified":"2026-04-16T01:49:03.265133827Z","published":"2018-02-17T12:19:18Z","upstream":["CVE-2017-17810","CVE-2017-17811","CVE-2017-17812","CVE-2017-17813","CVE-2017-17814","CVE-2017-17815","CVE-2017-17816","CVE-2017-17817","CVE-2017-17818","CVE-2017-17819","CVE-2017-17820"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0129.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22388"}],"affected":[{"package":{"name":"nasm","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nasm?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.13.03-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0129.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}