Test ID:	1.3.6.1.4.1.25623.1.0.853264
Category:	SuSE Local Security Checks
Title:	openSUSE: Security Advisory for nasm (openSUSE-SU-2020:0952-1)
Summary:	The remote host is missing an update for the 'nasm'; package(s) announced via the openSUSE-SU-2020:0952-1 advisory.
Description:	Summary: The remote host is missing an update for the 'nasm' package(s) announced via the openSUSE-SU-2020:0952-1 advisory. Vulnerability Insight: This update for nasm fixes the following issues: nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. * Fix crash due to multiple errors or warnings during the code generation pass if a list file is specified. * Create all system-defined macros before processing command-line given preprocessing directives (-p, -d, -u, --pragma, --before). * If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. See section 4.11.7. * Fix an assert for the case in the obj format when a SEG operator refers to an EXTERN symbol declared further down in the code. * Fix a corner case in the floating-point code where a binary, octal or hexadecimal floating-point having at least 32, 11, or 8 mantissa digits could produce slightly incorrect results under very specific conditions. * Support -MD without a filename, for gcc compatibility. -MF can be used to set the dependencies output filename. See section 2.1.7. * Fix -E in combination with -MD. See section 2.1.21. * Fix missing errors on redefined labels, would cause convergence failure instead which is very slow and not easy to debug. * Duplicate definitions of the same label with the same value is now explicitly permitted (2.14 would allow it in some circumstances.) * Add the option --no-line to ignore %line directives in the source. See section 2.1.33 and section 4.10.1. * Changed -I option semantics by adding a trailing path separator unconditionally. * Fixed null dereference in corrupted invalid single line macros. * Fixed division by zero which may happen if source code is malformed. * Fixed out of bound access in processing of malformed segment override. * Fixed out of bound access in certain EQU parsing. * Fixed buffer underflow in float parsing. * Added SGX (Intel Software Guard Extensions) instructions. * Added +n syntax for multiple contiguous registers. * Fixed subsections_via_symbols for macho object format. * Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line options, to allow command line base symbol renaming. See section 2.1.28. * Allow label renaming to be specified by %pragma in addition to from the command line. See section 6.9. * Supported generic %pragma namespaces, output and debug. See section 6.10. * Added the --pragma command line option to inject a %pragma directive. See section 2.1.29. * Added the --before command line option to accept preprocess statement before input. See section 2.1.30. * Added AVX512 VBMI2 (Additional ... Description truncated. Please see the references for more information. Affected Software/OS: 'nasm' package(s) on openSUSE Leap 15.1. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-8881 https://bugzilla.nasm.us/show_bug.cgi?id=3392446 SuSE Security Announcement: openSUSE-SU-2020:0952 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html SuSE Security Announcement: openSUSE-SU-2020:0954 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html https://usn.ubuntu.com/3694-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-8882 https://bugzilla.nasm.us/show_bug.cgi?id=3392445 Common Vulnerability Exposure (CVE) ID: CVE-2018-8883 https://bugzilla.nasm.us/show_bug.cgi?id=3392447
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.