{"affected":[{"ecosystem_specific":{"binaries":[{"nasm":"2.14.02-lp151.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"nasm","purl":"pkg:rpm/opensuse/nasm&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.14.02-lp151.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for nasm fixes the following issues:\n\nnasm was updated to version 2.14.02.\n\nThis allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes\nand improvements.\n\n* Fix crash due to multiple errors or warnings during the code generation pass if a list file is specified.\n* Create all system-defined macros defore processing command-line given preprocessing directives (-p, -d, -u, --pragma, --before).\n* If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. See section 4.11.7.\n* Fix an assert for the case in the obj format when a SEG operator refers to an EXTERN symbol declared further down in the code.\n* Fix a corner case in the floating-point code where a binary, octal or\n  hexadecimal floating-point having at least 32, 11, or 8 mantissa digits\n  could produce slightly incorrect results under very specific conditions.\n* Support -MD without a filename, for gcc compatibility. -MF can be used to set the dependencies output filename. See section 2.1.7.\n* Fix -E in combination with -MD. See section 2.1.21.\n* Fix missing errors on redefined labels; would cause convergence failure instead which is very slow and not easy to debug.\n* Duplicate definitions of the same label with the same value is now explicitly permitted (2.14 would allow it in some circumstances.)\n* Add the option --no-line to ignore %line directives in the source. See section 2.1.33 and section 4.10.1.\n* Changed -I option semantics by adding a trailing path separator unconditionally.\n* Fixed null dereference in corrupted invalid single line macros.\n* Fixed division by zero which may happen if source code is malformed.\n* Fixed out of bound access in processing of malformed segment override.\n* Fixed out of bound access in certain EQU parsing.\n* Fixed buffer underflow in float parsing.\n* Added SGX (Intel Software Guard Extensions) instructions.\n* Added +n syntax for multiple contiguous registers.\n* Fixed subsections_via_symbols for macho object format.\n* Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line options, to allow command line base symbol renaming. See section 2.1.28.\n* Allow label renaming to be specified by %pragma in addition to from the command line. See section 6.9.\n* Supported generic %pragma namespaces, output and debug. See section 6.10.\n* Added the --pragma command line option to inject a %pragma directive. See section 2.1.29.\n* Added the --before command line option to accept preprocess statement before input. See section 2.1.30.\n* Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural Network), BITALG (Bit Algorithm), and GFNI (Galois Field New Instruction) instructions.\n* Added the STATIC directive for local symbols that should be renamed using global-symbol rules. See section 6.8.\n* Allow a symbol to be defined as EXTERN and then later overridden as GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined will be treated as GLOBAL. See section 6.5.\n* The GLOBAL directive no longer is required to precede the definition of the symbol.\n* Support private_extern as macho specific extension to the GLOBAL directive. See section 7.8.5.\n* Updated UD0 encoding to match with the specification\n* Added the --limit-X command line option to set execution limits. See section 2.1.31.\n* Updated the Codeview version number to be aligned with MASM.\n* Added the --keep-all command line option to preserve output files. See section 2.1.32.\n* Added the --include command line option, an alias to -P (section 2.1.18).\n* Added the --help command line option as an alias to -h (section 3.1).\n* Added -W, -D, and -Q suffix aliases for RET instructions so the operand sizes of these instructions can be encoded without using o16, o32 or o64.\n\nNew upstream version 2.13.03:\n\n* Add flags: AES, VAES, VPCLMULQDQ\n* Add VPCLMULQDQ instruction\n* elf: Add missing dwarf loc section\n* documentation updates\n  \nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2020:0952-1","modified":"2020-07-13T14:30:07Z","published":"2020-07-13T14:30:07Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DOJ3G66H5CLZFCUKGB4363DLYQJJULTG/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1084631"},{"type":"REPORT","url":"https://bugzilla.suse.com/1086186"},{"type":"REPORT","url":"https://bugzilla.suse.com/1086227"},{"type":"REPORT","url":"https://bugzilla.suse.com/1086228"},{"type":"REPORT","url":"https://bugzilla.suse.com/1090519"},{"type":"REPORT","url":"https://bugzilla.suse.com/1090840"},{"type":"REPORT","url":"https://bugzilla.suse.com/1106878"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107592"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107594"},{"type":"REPORT","url":"https://bugzilla.suse.com/1108404"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115758"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115774"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115795"},{"type":"REPORT","url":"https://bugzilla.suse.com/1173538"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1000667"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10016"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10254"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10316"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16382"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16517"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16999"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19214"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19215"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19216"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8881"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8882"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8883"}],"related":["CVE-2018-1000667","CVE-2018-10016","CVE-2018-10254","CVE-2018-10316","CVE-2018-16382","CVE-2018-16517","CVE-2018-16999","CVE-2018-19214","CVE-2018-19215","CVE-2018-19216","CVE-2018-8881","CVE-2018-8882","CVE-2018-8883"],"summary":"Security update for nasm","upstream":["CVE-2018-1000667","CVE-2018-10016","CVE-2018-10254","CVE-2018-10316","CVE-2018-16382","CVE-2018-16517","CVE-2018-16999","CVE-2018-19214","CVE-2018-19215","CVE-2018-19216","CVE-2018-8881","CVE-2018-8882","CVE-2018-8883"]}