An update for nasm is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1

Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2021-1022
Status: Final
Version: 1.0
Revision history: 1.0, 2021-02-04, Initial
Initial release date: 2021-02-04
Current release date: 2021-02-04
Generator: openEuler SA Tool V1.0, 2021-02-04

Synopsis: nasm security update

NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax. It also provides tools for the RDOFF binary format, including a linker, library manager, loader, and information dump.

Security Fix(es):

In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c. (CVE-2019-20352)

In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. (CVE-2020-24241)

An update for nasm is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: High
Affected component: nasm

References:
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1022
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-20352
https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-24241
https://nvd.nist.gov/vuln/detail/CVE-2019-20352
https://nvd.nist.gov/vuln/detail/CVE-2020-24241

Products:
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1

Packages:
aarch64:
  nasm-2.15.03-2.oe1.aarch64.rpm
  nasm-debuginfo-2.15.03-2.oe1.aarch64.rpm
  nasm-debugsource-2.15.03-2.oe1.aarch64.rpm
noarch:
  nasm-help-2.15.03-2.oe1.noarch.rpm
src:
  nasm-2.15.03-2.oe1.src.rpm
x86_64:
  nasm-2.15.03-2.oe1.x86_64.rpm
  nasm-debuginfo-2.15.03-2.oe1.x86_64.rpm
  nasm-debugsource-2.15.03-2.oe1.x86_64.rpm

CVE-2019-20352
Description: In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.
Release date: 2021-02-04
Products: openEuler-20.03-LTS, openEuler-20.03-LTS-SP1
Severity: High
CVSS base score: 7.1
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Remediation: nasm security update, 2021-02-04
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1022

CVE-2020-24241
Description: In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.
Release date: 2021-02-04
Products: openEuler-20.03-LTS, openEuler-20.03-LTS-SP1
Severity: Medium
CVSS base score: 5.5
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Remediation: nasm security update, 2021-02-04
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1022