Register | Log in

nasm

General-purpose x86 assembler

Choose email to subscribe with

general

source: nasm (main)
version: 2.14.02-1
maintainer: Anibal Monsalve Salazar (DMD) (LowNMU)
uploaders: Jordan Justen [DMD]
arch: any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.11.05-1
oldstable: 2.12.01-1
stable: 2.14-1
testing: 2.14.02-1
unstable: 2.14.02-1

versioned links

2.11.05-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.12.01-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.14-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.14.02-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

nasm (8 bugs: 0, 6, 2, 0)

action needed

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-08-24 21:41

19 ignored security issues in jessie low

There are 19 open security issues in jessie.

19 issues skipped by the security teams:

CVE-2017-17816: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
CVE-2018-10016: Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
CVE-2017-17819: In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
CVE-2018-8883: Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.
CVE-2017-17811: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.
CVE-2017-17812: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.
CVE-2018-10254: Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
CVE-2017-17818: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.
CVE-2017-17817: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-11111: In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-17813: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.
CVE-2017-17810: In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.
CVE-2017-17814: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-17815: In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.
CVE-2017-10686: In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.
CVE-2017-17820: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
CVE-2018-8882: Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.
CVE-2018-8881: Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.
CVE-2018-19216: Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.

Please fix them.

Created: 2017-06-30 Last update: 2019-08-09 05:13

19 ignored security issues in stretch low

There are 19 open security issues in stretch.

19 issues skipped by the security teams:

CVE-2017-17816: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
CVE-2018-10016: Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
CVE-2017-17819: In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
CVE-2018-8883: Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.
CVE-2017-17811: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.
CVE-2017-17812: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.
CVE-2018-10254: Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
CVE-2017-17818: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.
CVE-2017-17817: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-11111: In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-17813: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.
CVE-2017-17810: In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.
CVE-2017-17814: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-17815: In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.
CVE-2017-10686: In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.
CVE-2017-17820: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
CVE-2018-8882: Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.
CVE-2018-8881: Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.
CVE-2018-19216: Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.

Please fix them.

Created: 2017-06-30 Last update: 2019-08-09 05:13

news

[2019-07-24] nasm 2.14.02-1 MIGRATED to testing (Debian testing watch)
[2019-07-19] Accepted nasm 2.14.02-1 (source) into unstable (Jordan Justen)
[2018-11-23] nasm 2.14-1 MIGRATED to testing (Debian testing watch)
[2018-11-18] Accepted nasm 2.14-1 (source) into unstable (Jordan Justen)
[2018-08-14] nasm 2.13.03-2 MIGRATED to testing (Debian testing watch)
[2018-08-08] Accepted nasm 2.13.03-2 (source) into unstable (Jordan Justen)
[2018-06-05] nasm 2.13.03-1 MIGRATED to testing (Debian testing watch)
[2018-05-25] Accepted nasm 2.13.03-1 (source) into unstable (Jordan Justen)
[2017-12-10] nasm 2.13.02-0.1 MIGRATED to testing (Debian testing watch)
[2017-12-05] Accepted nasm 2.13.02-0.1 (source) into unstable (Matthias Klose)
[2017-07-28] Accepted nasm 2.10.01-1+deb7u1 (source amd64) into oldoldstable (Thorsten Alteholz)
[2017-07-13] nasm 2.13.01-2 MIGRATED to testing (Debian testing watch)
[2017-07-07] Accepted nasm 2.13.01-2 (source) into unstable (Jordan Justen)
[2017-05-17] Accepted nasm 2.13.01-1 (source) into experimental (Jordan Justen) (signed by: Gianfranco Costamagna)
[2017-02-17] Accepted nasm 2.12.02-1 (source) into experimental (Jordan Justen) (signed by: Gianfranco Costamagna)
[2016-05-08] nasm 2.12.01-1 MIGRATED to testing (Debian testing watch)
[2016-04-26] Accepted nasm 2.12.01-1 (source amd64) into unstable (Jordan Justen) (signed by: Anibal Monsalve Salazar)
[2016-01-17] nasm 2.11.08-1 MIGRATED to testing (Debian testing watch)
[2016-01-11] Accepted nasm 2.11.08-1 (source mips) into unstable (Anibal Monsalve Salazar)
[2015-04-27] nasm 2.11.06-1really2.11.05-1 MIGRATED to testing (Britney)
[2014-11-12] Accepted nasm 2.11.06-1really2.11.05-1 (source amd64) into unstable (Anibal Monsalve Salazar)
[2014-11-06] Accepted nasm 2.11.06-1 (source amd64) into unstable (Anibal Monsalve Salazar)
[2014-09-14] nasm 2.11.05-1 MIGRATED to testing (Britney)
[2014-09-09] Accepted nasm 2.11.05-1 (source mips) into unstable (Anibal Monsalve Salazar)
[2014-02-21] nasm 2.11-1 MIGRATED to testing (Debian testing watch)
[2014-02-16] Accepted nasm 2.11-1 (source mipsel) (Anibal Monsalve Salazar)
[2014-01-08] nasm 2.10.09-1 MIGRATED to testing (Debian testing watch)
[2013-12-29] Accepted nasm 2.10.09-1 (source mipsel) (Anibal Monsalve Salazar)
[2013-06-04] nasm 2.10.07-1 MIGRATED to testing (Debian testing watch)
[2013-05-25] Accepted nasm 2.10.07-1 (source amd64) (Anibal Monsalve Salazar)

1
2

bugs [bug history graph]

all: 15
RC: 0
I&N: 12
M&W: 3
F&P: 0
patch: 2

links

homepage
lintian
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.14.02-1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing