Описание
Security update for nasm
This update for nasm fixes the following issues:
Security issues fixed:
- CVE-2017-10686: Multiple heap use after free vulnerabilities. (bsc#1047936)
- CVE-2017-11111: Heap-based buffer overflow and application crash. (bsc#1047925)
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
Ссылки
- Link for SUSE-SU-2017:2044-1
- E-Mail link for SUSE-SU-2017:2044-1
- SUSE Security Ratings
- SUSE Bug 1047925
- SUSE Bug 1047936
- SUSE CVE CVE-2017-10686 page
- SUSE CVE CVE-2017-11111 page
Описание
In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.
Затронутые продукты
Ссылки
- CVE-2017-10686
- SUSE Bug 1047936
Описание
In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-11111
- SUSE Bug 1047925
- SUSE Bug 1073798