[ubuntu/xenial-updates] nasm 2.11.08-1ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jun 28 18:58:11 UTC 2018 

nasm (2.11.08-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via heap use-after-free
    - debian/patches/CVE-2017-10686-1.patch: don't call free_mmacro in
      preproc.c.
    - debian/patches/CVE-2017-10686-2.patch: free token's text if only it
      has been modified in preproc.c.
    - CVE-2017-10686
  * SECURITY UPDATE: heap buffer overflow
    - debian/patches/CVE-2017-11111.patch: only concat tok->text if we
      accounted for its size in preproc.c.
    - CVE-2017-11111
  * SECURITY UPDATE: NULL pointer dereference in paste_tokens
    - debian/patches/CVE-2017-14228.patch: check length in preproc.c.
    - CVE-2017-14228
  * SECURITY UPDATE: DoS via macro calls with wrong number of arguments
    - debian/patches/CVE-2017-17810.patch: check arguments in preproc.c.
    - CVE-2017-17810
  * SECURITY UPDATE: DoS via heap over-read
    - debian/patches/CVE-2017-17812.patch: check for data to process in
      preproc.c.
    - CVE-2017-17812
  * SECURITY UPDATE: DoS via missing check
    - debian/patches/CVE-2017-17815.patch: don't leave nparam_max less than
      nparam_min in preproc.c.
    - CVE-2017-17815
  * SECURITY UPDATE: DoS via incorrect validation
    - debian/patches/CVE-2017-17819.patch: check for NULL pointer in
      preproc.c.
    - CVE-2017-17819
  * SECURITY UPDATE: heap-based overread
    - debian/patches/CVE-2018-8881.patch: handle unterminated strings in
      preproc.c.
    - CVE-2018-8881
  * The above patches also fix the following CVEs:
    - CVE-2017-17811
    - CVE-2017-17813
    - CVE-2017-17814
    - CVE-2017-17816
    - CVE-2017-17817
    - CVE-2017-17818
    - CVE-2017-17820

Date: 2018-06-28 17:12:12.918172+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/nasm/2.11.08-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list