nasm (2.10.09-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: code execution via heap use-after-free
- debian/patches/CVE-2017-10686-1.patch: don't call free_mmacro in
preproc.c.
- debian/patches/CVE-2017-10686-2.patch: free token's text if only it
has been modified in preproc.c.
- CVE-2017-10686
* SECURITY UPDATE: heap buffer overflow
- debian/patches/CVE-2017-11111.patch: only concat tok->text if we
accounted for its size in preproc.c.
- CVE-2017-11111
* SECURITY UPDATE: NULL pointer dereference in paste_tokens
- debian/patches/CVE-2017-14228.patch: check length in preproc.c.
- CVE-2017-14228
* SECURITY UPDATE: DoS via macro calls with wrong number of arguments
- debian/patches/CVE-2017-17810.patch: check arguments in preproc.c.
- CVE-2017-17810
* SECURITY UPDATE: DoS via heap over-read
- debian/patches/CVE-2017-17812.patch: check for data to process in
preproc.c.
- CVE-2017-17812
* SECURITY UPDATE: DoS via missing check
- debian/patches/CVE-2017-17815.patch: don't leave nparam_max less than
nparam_min in preproc.c.
- CVE-2017-17815
* SECURITY UPDATE: DoS via incorrect validation
- debian/patches/CVE-2017-17819.patch: check for NULL pointer in
preproc.c.
- CVE-2017-17819
* SECURITY UPDATE: heap-based overread
- debian/patches/CVE-2018-8881.patch: handle unterminated strings in
preproc.c.
- CVE-2018-8881
* The above patches also fix the following CVEs:
- CVE-2017-17811
- CVE-2017-17813
- CVE-2017-17814
- CVE-2017-17816
- CVE-2017-17817
- CVE-2017-17818
- CVE-2017-17820
Date: 2018-06-28 17:12:30.462707+00:00
Changed-By: Marc Deslauriers <[email protected]>
https://launchpad.net/ubuntu/+source/nasm/2.10.09-1ubuntu0.1
Sorry, changesfile not available.
--
Trusty-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/trusty-changes
