Explore top 10 tips to secure your open-source projects now. Read More
×
This update for nasm fixes the following issues
- CVE-2026-6067: heap buffer overflow vulnerability due to a lack of bounds checking in the obj_directive() function
(bsc#1261986).
- CVE-2026-6068: heap use after free vulnerability in response file processing (bsc#1261985).
Changes for nasm:
- Update to 3.02:
* Fix build problems on C23 compilers using a pre-C23 version of
which defines bool as a macro in violation of the C23 specification.
* The immediate form of the JMPE instruction (opcode 0F B8) has been changed
to an absolute address, as in the Itanium Architecture Software Developer's
Manual, version 2.3, Volume 4, page 4:249. Hopefully this won't break
whatever virtual environments use JMPE, but it is the closest thing there
is to an official specification for this opcode.
* Being an absolute address, treat it equivalent to a FAR jump and do not
default to 64 bits in 64-bit mode.
* That JMPE has apparently been wrong all these years is probably as good of
a...
Read the Full Advisory- openSUSE Leap 16.0:
nasm-3.02-160000.1.1
* bsc#1261985
* bsc#1261986
References:
* https://www.suse.com/security/cve/CVE-2026-6067.html
* https://www.suse.com/security/cve/CVE-2026-6068.html
Get the latest Linux and open source security news straight to your inbox.