GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Mar 28, 2019 5:26 am Post subject: [ glsa 201903-19 ] nasm |
 |
|
Gentoo Linux Security Advisory
Title: NASM: Multiple vulnerabilities (GLSA 201903-19)
Severity: high
Exploitable: remote
Date: 2019-03-28
Bug(s): #635358, #659550, #670884
ID: 201903-19
Synopsis
Multiple vulnerabilities have been found in NASM, the worst of
which could result in the remote execution of arbitrary code.
Background
NASM is a 80x86 assembler that has been created for portability and
modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It
also supports a wide range of objects formats (ELF, a.out, COFF, etc),
and has its own disassembler.
Affected Packages
Package: dev-lang/nasm
Vulnerable: < 2.14.02
Unaffected: >= 2.14.02
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in NASM. Please review the
CVE identifiers referenced below for details.
Impact
A remote attacker could cause a Denial of Service condition or execute
arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All NASM users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/nasm-2.14.02"
|
References
CVE-2017-10686
CVE-2017-11111
CVE-2017-14228 |
|
News & Announcements
