Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

openSUSE 16.0 NASM Low Heap Overflow and Use After Free 2026-21333-1

opensuse
Calendar Grey July 15, 2026
Dist Opensuse Esm H88
A low-severity update for openSUSE addresses issues in nasm, including heap overflow and use-after-free vulnerabilities.
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description

This update for nasm fixes the following issues

- CVE-2026-6067: heap buffer overflow vulnerability due to a lack of bounds checking in the obj_directive() function

(bsc#1261986).

- CVE-2026-6068: heap use after free vulnerability in response file processing (bsc#1261985).

Changes for nasm:

- Update to 3.02:

* Fix build problems on C23 compilers using a pre-C23 version of

which defines bool as a macro in violation of the C23 specification.

* The immediate form of the JMPE instruction (opcode 0F B8) has been changed

to an absolute address, as in the Itanium Architecture Software Developer's

Manual, version 2.3, Volume 4, page 4:249. Hopefully this won't break

whatever virtual environments use JMPE, but it is the closest thing there

is to an official specification for this opcode.

* Being an absolute address, treat it equivalent to a FAR jump and do not

default to 64 bits in 64-bit mode.

* That JMPE has apparently been wrong all these years is probably as good of

a...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

nasm-3.02-160000.1.1

References

* bsc#1261985

* bsc#1261986

References:

* https://www.suse.com/security/cve/CVE-2026-6067.html

* https://www.suse.com/security/cve/CVE-2026-6068.html

Severity
low
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21333-1
Rating: low
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.