Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Fedora 27: Security Update For Nasm Buffer Overflows - Critical Threats

fedora
Calendar Grey January 16, 2018
Dist Fedora Esm H88
Fedora 27 addresses multiple security flaws in nasm, including buffer overflow threats and memory handling concerns, implementing effective fixes.
Security fix for CVE-2017-17810 CVE-2017-17811 CVE-2017-17812 CVE-2017-17813 CVE-2017-17814 CVE-2017-17815 CVE-2017-17816 CVE-2017-17817 CVE-2017-17818 CVE-2017-17819 CVE-2017-1782...

Summary

NASM is the Netwide Assembler, a free portable assembler for the Intel

80x86 microprocessor series, using primarily the traditional Intel

instruction mnemonics and syntax.

Security fix for CVE-2017-17810 CVE-2017-17811 CVE-2017-17812 CVE-2017-17813

CVE-2017-17814 CVE-2017-17815 CVE-2017-17816 CVE-2017-17817 CVE-2017-17818

CVE-2017-17819 CVE-2017-17820

[ 1 ] Bug #1529312 - CVE-2017-17810 nasm: Segfault via mishandled macro calls in asm/preproc.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529312

[ 2 ] Bug #1529317 - CVE-2017-17811 nasm: Heap-based buffer overflow in paste_tokens function in asm/preproc.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529317

[ 3 ] Bug #1529319 - CVE-2017-17812 nasm: Heap-based buffer over-read in detoken function in asm/preproc.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529319

[ 4 ] Bug #1529326 - CVE-2017-17813 nasm: use-after-free in pp_list_one_macro function in asm/preproc.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529326

[ 5 ] Bug #1529327 - CVE-2017-17814 nasm: use-after-free in do_directive function in asm/preproc.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529327

[ 6 ] Bug #1529328 - CVE-2017-17815 nasm: Illegal address access in is_mmacro function in asm/preproc.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529328

[ 7 ] Bug #1529330 - CVE-2017-17816 nasm: Use-after-free in pp_getline function in asm/preproc.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529330

[ 8 ] Bug #1529331 - CVE-2017-17817 nasm: Use-after-free in pp_verror function in asm/preproc.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529331

[ 9 ] Bug #1529332 - CVE-2017-17818 nasm: Heap-based buffer over-read in paste_tokens function in asm/preproc.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529332

[ 10 ] Bug #1529334 - CVE-2017-17819 nasm: Illegal address access in find_cc function in asm/preproc.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529334

[ 11 ] Bug #1529335 - CVE-2017-17820 nasm: Use-after-free in pp_list_one_macro function in asm/preproc.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529335

su -c 'dnf upgrade nasm' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory buffer overflow critical Fedora nasm

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 2.13.02
Release: 1.fc27
URL: https://www.nasm.us/
Summary: A portable x86 assembler which uses Intel-like syntax

Topics%20covered

Topics Covered

security advisory buffer overflow critical Fedora nasm

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here