-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Jul 2016 19:03:02 +0200
Source: nasm
Binary: nasm
Architecture: source amd64
Version: 2.10.01-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 nasm - General-purpose x86 assembler
Changes:
 nasm (2.10.01-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2017-10686
     In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use
     after free vulnerabilities in the tool nasm. The related heap is
     allocated in the token() function and freed in the detoken()
     function (called by pp_getline()) - it is used again at multiple
     positions later that could cause multiple damages. For example,
     it causes a corrupted double-linked list in detoken(), a double
     free or corruption in delete_Token(), and an out-of-bounds write
     in detoken(). It has a high possibility to lead to a remote code
     execution attack.
   * CVE-2017-11111
     In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote
     attackers to cause a denial of service (heap-based buffer overflow
     and application crash) or possibly have unspecified other impact
     via a crafted file.