Security update for nasm

Announcement ID:	SUSE-SU-2020:1864-1
Rating:	moderate
References:	bsc#1058013 bsc#1073796 bsc#1073798 bsc#1073799 bsc#1073803 bsc#1073808 bsc#1073818 bsc#1073823 bsc#1073829 bsc#1073830 bsc#1073832 bsc#1073846 bsc#1084631
Cross-References:	CVE-2017-14228 CVE-2017-17810 CVE-2017-17811 CVE-2017-17812 CVE-2017-17813 CVE-2017-17814 CVE-2017-17815 CVE-2017-17816 CVE-2017-17817 CVE-2017-17818 CVE-2017-17819 CVE-2017-17820
CVSS scores:	CVE-2017-14228 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2017-14228 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17810 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-17810 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17811 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-17811 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17812 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-17812 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17813 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2017-17813 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17814 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2017-17814 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17815 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-17815 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17816 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2017-17816 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17817 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2017-17817 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17818 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2017-17818 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-17819 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-17819 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-17820 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2017-17820 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves 12 vulnerabilities and has one security fix can now be installed.

Description:

nasm was updated to version 2.14.02:

• Fix crash due to multiple errors or warnings during the code generation pass if a list file is specified.
• Create all system-defined macros defore processing command-line given preprocessing directives (-p, -d, -u, --pragma, --before).
• If debugging is enabled, define a DEBUG_FORMAT predefined macro. See section 4.11.7.
• Fix an assert for the case in the obj format when a SEG operator refers to an EXTERN symbol declared further down in the code.
• Fix a corner case in the floating-point code where a binary, octal or hexadecimal floating-point having at least 32, 11, or 8 mantissa digits could produce slightly incorrect results under very specific conditions.
• Support -MD without a filename, for gcc compatibility. -MF can be used to set the dependencies output filename. See section 2.1.7.
• Fix -E in combination with -MD. See section 2.1.21.
• Fix missing errors on redefined labels; would cause convergence failure instead which is very slow and not easy to debug.
• Duplicate definitions of the same label with the same value is now explicitly permitted (2.14 would allow it in some circumstances.)
• Add the option --no-line to ignore %line directives in the source. See section 2.1.33 and section 4.10.1.
• Changed -I option semantics by adding a trailing path separator unconditionally.
• Fixed null dereference in corrupted invalid single line macros.
• Fixed division by zero which may happen if source code is malformed.
• Fixed out of bound access in processing of malformed segment override.
• Fixed out of bound access in certain EQU parsing.
• Fixed buffer underflow in float parsing.
• Added SGX (Intel Software Guard Extensions) instructions.
• Added +n syntax for multiple contiguous registers.
• Fixed subsections_via_symbols for macho object format.
• Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line options, to allow command line base symbol renaming. See section 2.1.28.
• Allow label renaming to be specified by %pragma in addition to from the command line. See section 6.9.
• Supported generic %pragma namespaces, output and debug. See section 6.10.
• Added the --pragma command line option to inject a %pragma directive. See section 2.1.29.
• Added the --before command line option to accept preprocess statement before input. See section 2.1.30.
• Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural Network), BITALG (Bit Algorithm), and GFNI (Galois Field New Instruction) instructions.
• Added the STATIC directive for local symbols that should be renamed using global-symbol rules. See section 6.8.
• Allow a symbol to be defined as EXTERN and then later overridden as GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined will be treated as GLOBAL. See section 6.5.
• The GLOBAL directive no longer is required to precede the definition of the symbol.
• Support private_extern as macho specific extension to the GLOBAL directive. See section 7.8.5.
• Updated UD0 encoding to match with the specification
• Added the --limit-X command line option to set execution limits. See section 2.1.31.
• Updated the Codeview version number to be aligned with MASM.
• Added the --keep-all command line option to preserve output files. See section 2.1.32.
• Added the --include command line option, an alias to -P (section 2.1.18).
• Added the --help command line option as an alias to -h (section 3.1).
• Added -W, -D, and -Q suffix aliases for RET instructions so the operand sizes of these instructions can be encoded without using o16, o32 or o64.

New upstream version 2.13.03:

• Add flags: AES, VAES, VPCLMULQDQ
• Add VPCLMULQDQ instruction
• elf: Add missing dwarf loc section
• documentation updates

nasm was updated to new upstream version 2.13.02:

• Fix generation of PEXTRW instruction.
• Fix smartalign package which could trigger an error during optimization if the alignment code expanded too much due to optimization of the previous code.
• Fix a case where negative value in TIMES directive causes panic instead of an error.
• Fix the incorrect generation of VEX-encoded instruction when static mode decorators are specified on scalar instructions, losing the decorators as they require EVEX encoding.
• Fix generation of dependency lists.
• Fixes macro calls that have the wrong number of arguments (bsc#1073796, CVE-2017-17810)
• Fixes Heap-based buffer overflow allows related to a strcpy in paste_tokens (bsc#1073798, CVE-2017-17811)
• Fixes Heap-based buffer over-read in the function detoken() (bsc#1073799, CVE-2017-17812)
• Fixes Use-after-free in the pp_list_one_macro function (bsc#1073803, CVE-2017-17813)
• Fixes Use-after-free in do_directive (bsc#1073808, CVE-2017-17814)
• Fixes Illegal address access in is_mmacro() (bsc#1073818, CVE-2017-17815)
• Fixes Use-after-free in pp_getline (bsc#1073823, CVE-2017-17816)
• Fixes Use-after-free in pp_verror (bsc#1073829, CVE-2017-17817)
• Fixes Heap-based buffer over-read related to a while loop in paste_tokens (bsc#1073830, CVE-2017-17818)
• Fixes Illegal address access in the function find_cc (bsc#1073832, CVE-2017-17819)
• Fixes Use-after-free in pp_list_one_macro (bsc#1073846, CVE-2017-17820)
• Fixes illegal address access in thefunction paste_tokens() (bsc#1058013, CVE-2017-14228)

nasm was updated to version 2.13.01:

• Fix incorrect output for some types of FAR or SEG references in the obj output format, and possibly other 16-bit output formats.
• Fix the address in the list file for an instruction containing a TIMES directive.
• Fix error with TIMES used together with an instruction which can vary in size, e.g. JMP.
• Fix breakage on some uses of the DZ pseudo-op.

nasm was updated to version 2.13.00:

• Support the official forms of the UD0 and UD1 instructions.
• Allow self-segment-relative expressions in immediates and displacements
• Handle a 64-bit origin in NDISASM.
• NASM can now generate sparse output files for relevant output formats, if the underlying operating system supports them.
• Fix a number of bugs related to AVX-512 decorators.
• Fix the {z} decorator on AVX-512 VMOVDQ* instructions.
• Add new warnings for certain dangerous constructs which never ought to have been allowed.
• Fix the EVEX (AVX-512) versions of the VPBROADCAST, VPEXTR, and VPINSR instructions.
• Support contracted forms of additional instructions.
• Fix Codeview malformed compiler version record.
• Add the CLWB and PCOMMIT instructions.
• Add the %pragma preprocessor directive for soft-error directives.
• Add the RDPID instruction.

nasm was updated to version 2.12.02:

• Fix preprocessor errors, especially %error and %warning, inside if statements.
• Fix relative relocations in 32-bit Mach-O.
• More Codeview debug format fixes.
• If the MASM PTR keyword is encountered, issue a warning. This is much more likely to indicate a MASM-ism encountered in NASM than it is a valid label.
• This warning can be suppressed with -w-ptr, the [warning] directive (see section 2.1.24) or by the macro definition %idefine ptr %??.
• When an error or a warning comes from the expansion of a multi-line macro, display the file and line numbers for the expanded macros.
• Macros defined with .nolist do not get displayed.
• Add macros ilog2fw() and ilog2cw() to the ifunc macro package. See section 5.4.1.

nasm was updated to version 2.12.01:

• Portability fixes for some platforms.
• Fix error when not specifying a list file.
• Correct the handling of macro-local labels in the Codeview debugging format.
• Add CLZERO, MONITORX and MWAITX instructions.

nasm was updated to version 2.12:

• Major fixes to the macho backend (section 7.8); earlier versions would produce invalid symbols and relocations on a regular basis.
• Support for thread-local storage in Mach-O.
• Support for arbitrary sections in Mach-O.
• Fix wrong negative size treated as a big positive value passed into backend causing NASM to crash.
• Fix handling of zero-extending unsigned relocations, we have been printing wrong message and forgot to assign segment with predefined value before passing it into output format.
• Fix potential write of oversized (with size greater than allowed in output format) relative relocations.
• Portability fixes for building NASM with LLVM compiler.
• Add support of Codeview version 8 (cv8) debug format for win32 and win64 formats in the COFF backend, see section 7.5.3.
• Allow 64-bit outputs in 16/32-bit only backends. Unsigned 64-bit relocations are zero-extended from 32-bits with a warning (suppressible via -w-zext-reloc); signed 64-bit relocations are an arror.
• Line numbers in list files now correspond to the lines in the source files, instead of simply being sequential.

nasm was updated to version 2.11.09:

• Fix potential stack overwrite in macho32 backend.
• Fix relocation records in macho64 backend.
• Fix symbol lookup computation in macho64 backend.
• Adjust .symtab and .rela.text sections alignments to 8 bytes in elf64 backed.
• Fix section length computation in bin backend which leaded in incorrect relocation records.

nasm was updated to version 2.11.08:

• Fix section length computation in bin backend which leaded in incorrect relocation records.
• Add a warning for numeric preprocessor definitions passed via command line which might have unexpected results otherwise.
• Add ability to specify a module name record in rdoff linker

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1864=1

Package List:

• SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  • nasm-debugsource-2.14.02-4.8.1
  • nasm-2.14.02-4.8.1
  • nasm-debuginfo-2.14.02-4.8.1

References:

• https://www.suse.com/security/cve/CVE-2017-14228.html
• https://www.suse.com/security/cve/CVE-2017-17810.html
• https://www.suse.com/security/cve/CVE-2017-17811.html
• https://www.suse.com/security/cve/CVE-2017-17812.html
• https://www.suse.com/security/cve/CVE-2017-17813.html
• https://www.suse.com/security/cve/CVE-2017-17814.html
• https://www.suse.com/security/cve/CVE-2017-17815.html
• https://www.suse.com/security/cve/CVE-2017-17816.html
• https://www.suse.com/security/cve/CVE-2017-17817.html
• https://www.suse.com/security/cve/CVE-2017-17818.html
• https://www.suse.com/security/cve/CVE-2017-17819.html
• https://www.suse.com/security/cve/CVE-2017-17820.html
• https://bugzilla.suse.com/show_bug.cgi?id=1058013
• https://bugzilla.suse.com/show_bug.cgi?id=1073796
• https://bugzilla.suse.com/show_bug.cgi?id=1073798
• https://bugzilla.suse.com/show_bug.cgi?id=1073799
• https://bugzilla.suse.com/show_bug.cgi?id=1073803
• https://bugzilla.suse.com/show_bug.cgi?id=1073808
• https://bugzilla.suse.com/show_bug.cgi?id=1073818
• https://bugzilla.suse.com/show_bug.cgi?id=1073823
• https://bugzilla.suse.com/show_bug.cgi?id=1073829
• https://bugzilla.suse.com/show_bug.cgi?id=1073830
• https://bugzilla.suse.com/show_bug.cgi?id=1073832
• https://bugzilla.suse.com/show_bug.cgi?id=1073846
• https://bugzilla.suse.com/show_bug.cgi?id=1084631