USN-3694-1: NASM vulnerabilities
Publication date
28 June 2018
Overview
NASM could be made to crash or run programs if it opened a specially crafted file.
Releases
Packages
- nasm - General-purpose x86 assembler
Details
It was discovered that NASM incorrectly handled certain source files. If a
user or automated system were tricked into processing a specially crafted
source file, a remote attacker could use these issues to cause NASM to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
It was discovered that NASM incorrectly handled certain source files. If a
user or automated system were tricked into processing a specially crafted
source file, a remote attacker could use these issues to cause NASM to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 14.04 trusty | nasm – 2.10.09-1ubuntu0.1 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
- CVE-2018-8881
- CVE-2017-17820
- CVE-2017-17819
- CVE-2017-17818
- CVE-2017-17817
- CVE-2017-17816
- CVE-2017-17815
- CVE-2017-17814
- CVE-2017-17813
- CVE-2017-17812
- CVE-2018-8881
- CVE-2017-17820
- CVE-2017-17819
- CVE-2017-17818
- CVE-2017-17817
- CVE-2017-17816
- CVE-2017-17815
- CVE-2017-17814
- CVE-2017-17813
- CVE-2017-17812
- CVE-2017-17811
- CVE-2017-17810
- CVE-2017-14228
- CVE-2017-11111
- CVE-2017-10686