Register | Log in

nasm

General-purpose x86 assembler

Choose email to subscribe with

general

source: nasm (main)
version: 2.14-1
maintainer: Anibal Monsalve Salazar [DMD] [LowNMU]
uploaders: Jordan Justen [DMD]
arch: any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.10.01-1
o-o-sec: 2.10.01-1+deb7u1
oldstable: 2.11.05-1
stable: 2.12.01-1
testing: 2.14-1
unstable: 2.14-1

versioned links

2.10.01-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.10.01-1+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.11.05-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.12.01-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.14-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

nasm

action needed

4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:

CVE-2018-20538: There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.
CVE-2018-20535: There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.
CVE-2019-8343:
CVE-2018-19755: There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.

Please fix them.

Created: 2018-11-30 Last update: 2019-02-15 23:44

23 security issues in jessie high

There are 23 open security issues in jessie.

1 important issue:

CVE-2019-8343:

22 issues skipped by the security teams:

CVE-2017-17819: In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
CVE-2017-17816: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-17813: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.
CVE-2017-11111: In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2018-20535: There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.
CVE-2018-10254: Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
CVE-2018-19216: Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
CVE-2018-8882: Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.
CVE-2018-8881: Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.
CVE-2017-17812: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-17815: In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.
CVE-2017-10686: In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.
CVE-2018-19755: There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
CVE-2017-17818: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.
CVE-2017-17810: In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.
CVE-2018-10016: Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
CVE-2018-8883: Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.
CVE-2017-17817: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.
CVE-2018-20538: There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.
CVE-2017-17814: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-17820: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
CVE-2017-17811: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.

Please fix them.

Created: 2017-06-30 Last update: 2019-02-15 23:44

4 security issues in buster high

There are 4 open security issues in buster.

4 important issues:

CVE-2018-20538: There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.
CVE-2018-20535: There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.
CVE-2019-8343:
CVE-2018-19755: There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.

Please fix them.

Created: 2018-11-30 Last update: 2019-02-15 23:44

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In watch file debian/watch, reading webpage
  https://www.nasm.us/pub/nasm/releasebuilds/ failed: 500 Can't connect to www.nasm.us:443

Created: 2019-02-13 Last update: 2019-02-15 19:18

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2018-11-30 Last update: 2019-02-15 23:40

23 ignored security issues in stretch low

There are 23 open security issues in stretch.

23 issues skipped by the security teams:

CVE-2017-17819: In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
CVE-2017-17816: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-17813: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.
CVE-2017-11111: In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2018-20535: There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.
CVE-2018-10254: Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
CVE-2019-8343:
CVE-2018-19216: Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
CVE-2018-8882: Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.
CVE-2018-8881: Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.
CVE-2017-17812: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-17815: In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.
CVE-2017-10686: In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.
CVE-2018-19755: There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
CVE-2017-17818: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.
CVE-2017-17810: In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.
CVE-2018-10016: Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
CVE-2018-8883: Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.
CVE-2017-17817: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.
CVE-2018-20538: There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.
CVE-2017-17814: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-17820: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
CVE-2017-17811: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.

Please fix them.

Created: 2017-06-30 Last update: 2019-02-15 23:44

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2018-12-23 17:15

news

[2018-11-23] nasm 2.14-1 MIGRATED to testing (Debian testing watch)
[2018-11-18] Accepted nasm 2.14-1 (source) into unstable (Jordan Justen)
[2018-08-14] nasm 2.13.03-2 MIGRATED to testing (Debian testing watch)
[2018-08-08] Accepted nasm 2.13.03-2 (source) into unstable (Jordan Justen)
[2018-06-05] nasm 2.13.03-1 MIGRATED to testing (Debian testing watch)
[2018-05-25] Accepted nasm 2.13.03-1 (source) into unstable (Jordan Justen)
[2017-12-10] nasm 2.13.02-0.1 MIGRATED to testing (Debian testing watch)
[2017-12-05] Accepted nasm 2.13.02-0.1 (source) into unstable (Matthias Klose)
[2017-07-28] Accepted nasm 2.10.01-1+deb7u1 (source amd64) into oldoldstable (Thorsten Alteholz)
[2017-07-13] nasm 2.13.01-2 MIGRATED to testing (Debian testing watch)
[2017-07-07] Accepted nasm 2.13.01-2 (source) into unstable (Jordan Justen)
[2017-05-17] Accepted nasm 2.13.01-1 (source) into experimental (Jordan Justen) (signed by: Gianfranco Costamagna)
[2017-02-17] Accepted nasm 2.12.02-1 (source) into experimental (Jordan Justen) (signed by: Gianfranco Costamagna)
[2016-05-08] nasm 2.12.01-1 MIGRATED to testing (Debian testing watch)
[2016-04-26] Accepted nasm 2.12.01-1 (source amd64) into unstable (Jordan Justen) (signed by: Anibal Monsalve Salazar)
[2016-01-17] nasm 2.11.08-1 MIGRATED to testing (Debian testing watch)
[2016-01-11] Accepted nasm 2.11.08-1 (source mips) into unstable (Anibal Monsalve Salazar)
[2015-04-27] nasm 2.11.06-1really2.11.05-1 MIGRATED to testing (Britney)
[2014-11-12] Accepted nasm 2.11.06-1really2.11.05-1 (source amd64) into unstable (Anibal Monsalve Salazar)
[2014-11-06] Accepted nasm 2.11.06-1 (source amd64) into unstable (Anibal Monsalve Salazar)
[2014-09-14] nasm 2.11.05-1 MIGRATED to testing (Britney)
[2014-09-09] Accepted nasm 2.11.05-1 (source mips) into unstable (Anibal Monsalve Salazar)
[2014-02-21] nasm 2.11-1 MIGRATED to testing (Debian testing watch)
[2014-02-16] Accepted nasm 2.11-1 (source mipsel) (Anibal Monsalve Salazar)
[2014-01-08] nasm 2.10.09-1 MIGRATED to testing (Debian testing watch)
[2013-12-29] Accepted nasm 2.10.09-1 (source mipsel) (Anibal Monsalve Salazar)
[2013-06-04] nasm 2.10.07-1 MIGRATED to testing (Debian testing watch)
[2013-05-25] Accepted nasm 2.10.07-1 (source amd64) (Anibal Monsalve Salazar)
[2012-06-24] nasm 2.10.01-1 MIGRATED to testing (Debian testing watch)
[2012-06-14] Accepted nasm 2.10.01-1 (source mipsel) (Anibal Monsalve Salazar)

1
2

bugs [bug history graph]

all: 14
RC: 0
I&N: 10
M&W: 3
F&P: 1
patch: 1

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.14-1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing