Linux Security
    Linux Security
    Linux Security

    openSUSE: 2020:0952-1: moderate: nasm

    Date
    201
    Posted By
    An update that solves 13 vulnerabilities and has one errata is now available.
       openSUSE Security Update: Security update for nasm
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2020:0952-1
    Rating:             moderate
    References:         #1084631 #1086186 #1086227 #1086228 #1090519 
                        #1090840 #1106878 #1107592 #1107594 #1108404 
                        #1115758 #1115774 #1115795 #1173538 
    Cross-References:   CVE-2018-1000667 CVE-2018-10016 CVE-2018-10254
                        CVE-2018-10316 CVE-2018-16382 CVE-2018-16517
                        CVE-2018-16999 CVE-2018-19214 CVE-2018-19215
                        CVE-2018-19216 CVE-2018-8881 CVE-2018-8882
                        CVE-2018-8883
    Affected Products:
                        openSUSE Leap 15.1
    ______________________________________________________________________________
    
       An update that solves 13 vulnerabilities and has one errata
       is now available.
    
    Description:
    
    
       This update for nasm fixes the following issues:
    
       nasm was updated to version 2.14.02.
    
       This allows building of Mozilla Firefox 78ESR and also contains lots of
       bugfixes, security fixes and improvements.
    
       * Fix crash due to multiple errors or warnings during the code generation
         pass if a list file is specified.
       * Create all system-defined macros defore processing command-line given
         preprocessing directives (-p, -d, -u, --pragma, --before).
       * If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. See
         section 4.11.7.
       * Fix an assert for the case in the obj format when a SEG operator refers
         to an EXTERN symbol declared further down in the code.
       * Fix a corner case in the floating-point code where a binary, octal or
         hexadecimal floating-point having at least 32, 11, or 8 mantissa digits
         could produce slightly incorrect results under very specific conditions.
       * Support -MD without a filename, for gcc compatibility. -MF can be used
         to set the dependencies output filename. See section 2.1.7.
       * Fix -E in combination with -MD. See section 2.1.21.
       * Fix missing errors on redefined labels; would cause convergence failure
         instead which is very slow and not easy to debug.
       * Duplicate definitions of the same label with the same value is now
         explicitly permitted (2.14 would allow it in some circumstances.)
       * Add the option --no-line to ignore %line directives in the source. See
         section 2.1.33 and section 4.10.1.
       * Changed -I option semantics by adding a trailing path separator
         unconditionally.
       * Fixed null dereference in corrupted invalid single line macros.
       * Fixed division by zero which may happen if source code is malformed.
       * Fixed out of bound access in processing of malformed segment override.
       * Fixed out of bound access in certain EQU parsing.
       * Fixed buffer underflow in float parsing.
       * Added SGX (Intel Software Guard Extensions) instructions.
       * Added +n syntax for multiple contiguous registers.
       * Fixed subsections_via_symbols for macho object format.
       * Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line
         options, to allow command line base symbol renaming. See section 2.1.28.
       * Allow label renaming to be specified by %pragma in addition to from the
         command line. See section 6.9.
       * Supported generic %pragma namespaces, output and debug. See section 6.10.
       * Added the --pragma command line option to inject a %pragma directive.
         See section 2.1.29.
       * Added the --before command line option to accept preprocess statement
         before input. See section 2.1.30.
       * Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural
         Network), BITALG (Bit Algorithm), and GFNI (Galois Field New
         Instruction) instructions.
       * Added the STATIC directive for local symbols that should be renamed
         using global-symbol rules. See section 6.8.
       * Allow a symbol to be defined as EXTERN and then later overridden as
         GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined
         will be treated as GLOBAL. See section 6.5.
       * The GLOBAL directive no longer is required to precede the definition of
         the symbol.
       * Support private_extern as macho specific extension to the GLOBAL
         directive. See section 7.8.5.
       * Updated UD0 encoding to match with the specification
       * Added the --limit-X command line option to set execution limits. See
         section 2.1.31.
       * Updated the Codeview version number to be aligned with MASM.
       * Added the --keep-all command line option to preserve output files. See
         section 2.1.32.
       * Added the --include command line option, an alias to -P (section 2.1.18).
       * Added the --help command line option as an alias to -h (section 3.1).
       * Added -W, -D, and -Q suffix aliases for RET instructions so the operand
         sizes of these instructions can be encoded without using o16, o32 or o64.
    
       New upstream version 2.13.03:
    
       * Add flags: AES, VAES, VPCLMULQDQ
       * Add VPCLMULQDQ instruction
       * elf: Add missing dwarf loc section
       * documentation updates
    
       This update was imported from the SUSE:SLE-15:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2020-952=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (i586 x86_64):
    
          nasm-2.14.02-lp151.3.3.1
          nasm-debuginfo-2.14.02-lp151.3.3.1
          nasm-debugsource-2.14.02-lp151.3.3.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-1000667.html
       https://www.suse.com/security/cve/CVE-2018-10016.html
       https://www.suse.com/security/cve/CVE-2018-10254.html
       https://www.suse.com/security/cve/CVE-2018-10316.html
       https://www.suse.com/security/cve/CVE-2018-16382.html
       https://www.suse.com/security/cve/CVE-2018-16517.html
       https://www.suse.com/security/cve/CVE-2018-16999.html
       https://www.suse.com/security/cve/CVE-2018-19214.html
       https://www.suse.com/security/cve/CVE-2018-19215.html
       https://www.suse.com/security/cve/CVE-2018-19216.html
       https://www.suse.com/security/cve/CVE-2018-8881.html
       https://www.suse.com/security/cve/CVE-2018-8882.html
       https://www.suse.com/security/cve/CVE-2018-8883.html
       https://bugzilla.suse.com/1084631
       https://bugzilla.suse.com/1086186
       https://bugzilla.suse.com/1086227
       https://bugzilla.suse.com/1086228
       https://bugzilla.suse.com/1090519
       https://bugzilla.suse.com/1090840
       https://bugzilla.suse.com/1106878
       https://bugzilla.suse.com/1107592
       https://bugzilla.suse.com/1107594
       https://bugzilla.suse.com/1108404
       https://bugzilla.suse.com/1115758
       https://bugzilla.suse.com/1115774
       https://bugzilla.suse.com/1115795
       https://bugzilla.suse.com/1173538
    
    -- 
    

    Advisories

    LinuxSecurity Poll

    How are you contributing to Open Source?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/37-how-are-you-contributing-to-open-source?task=poll.vote&format=json
    37
    radio
    [{"id":"127","title":"I'm involved with the development of an open-source project(s).","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"128","title":"I've reported vulnerabilities I've discovered in open-source code.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"129","title":"I've provided developers with feedback on their projects.","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"130","title":"I've helped another community member get started contributing to Open Source.","votes":"0","type":"x","order":"4","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.