ID EULEROS_SA-2020-1870.NASL Type nessus Reporter This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2020-08-28T00:00:00
Description
According to the versions of the nasm package installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :
Netwide Assembler (NASM) 2.14rc15 has a heap-based
buffer over-read in expand_mmac_params in asm/preproc.c
for insufficient input.(CVE-2018-19214)
Netwide Assembler (NASM) before 2.13.02 has a
use-after-free in detoken at
asm/preproc.c(CVE-2018-19216)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration phase: when `description` is set, the script only declares the
# plugin metadata below and then calls exit(0) at the end of this block, so
# none of the host checks that follow the block are reached in this mode.
if (description)
{
script_id(139973);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# CVE identifiers that a finding from this plugin is mapped to.
script_cve_id(
"CVE-2018-19214",
"CVE-2018-19216"
);
script_name(english:"EulerOS 2.0 SP8 : nasm (EulerOS-SA-2020-1870)");
# Per the summary, detection is based on rpm package output, not on
# exercising the vulnerable code.
script_summary(english:"Checks the rpm output for the updated packages.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
# The description text states that it was extracted from the EulerOS advisory.
# NOTE(review): the CVE-2018-19214 entry is garbled in that text; it appears
# to describe a heap-based buffer over-read in expand_mmac_params in
# asm/preproc.c - confirm against the CVE record before quoting it in a report.
script_set_attribute(attribute:"description", value:
"According to the versions of the nasm package installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :
- Netwide assembler (NASM) 2.14 rc15 in asm/preproc. C
the expand_mmac_params a heap-based buffer, the buffer
read is insufficient, lead to insufficient
input.(CVE-2018-19214)
- Netwide Assembler (NASM) before 2.13.02 has a
use-after-free in detoken at
asm/preproc.c(CVE-2018-19216)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1870
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d1689a39");
script_set_attribute(attribute:"solution", value:
"Update the affected nasm packages.");
# NOTE(review): the two base vectors disagree on reachability. CVSS v2 says
# network (AV:N, AC:M); CVSS v3 says local with user interaction (AV:L, UI:R).
# Both flaws are in asm/preproc.c per the description, so exposure presumably
# depends on whether nasm is run on assembly sources from untrusted parties
# (for example in a build pipeline) - confirm for the environment when triaging.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"patch_publication_date", value:"2020/08/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/08/28");
# Declared as a local check: it evaluates data already collected from the host.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nasm");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
# The knowledge-base keys required below are presumably populated by the
# declared dependency ssh_get_info.nasl - confirm. If they are absent the
# plugin does not produce a result, which is not evidence of a patched host.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
# Hosts that carry a UVP version key are excluded from this plugin.
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Check phase: a chain of gates over knowledge-base (KB) values, followed by a
# package comparison. The order matters: each failed gate calls audit() with
# its own reason. audit() is defined in audit.inc (not shown); presumably it
# ends the plugin run - confirm.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Gate on the OS: the release string must start with "EulerOS" and then match
# "EulerOS release 2.0" followed by a non-digit or end of string.
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
# Gate on the service pack: only the exact value "8" is accepted.
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
# Any non-empty UVP version means the host is not treated as plain SP8.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
# Without a collected rpm list there is nothing to compare against.
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Architecture gates. The first accepts x86_64, i386-i686 and aarch64 as known
# architectures; the second then requires aarch64. On x86_64 or i?86 hosts the
# plugin therefore audits out with AUDIT_ARCH_NOT and never compares packages,
# so a "not affected" reading must not be inferred for those hosts from this
# plugin.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
# flag counts the reference packages for which rpm_check() returns true.
flag = 0;
# Reference package from the advisory.
# NOTE(review): rpm_check() is defined in rpm.inc (not shown); presumably it
# flags an installed nasm package older than this reference - confirm.
pkgs = ["nasm-2.13.03-2.h3.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
# At least one match: report on port 0 at SECURITY_WARNING severity, attaching
# the output of rpm_report_get() as the finding detail.
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
# No match: distinguish "package was tested and is not affected" from
# "nasm is not installed", based on whether pkg_tests_get() returns anything.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nasm");
}
{"id": "EULEROS_SA-2020-1870.NASL", "bulletinFamily": "scanner", "title": "EulerOS 2.0 SP8 : nasm (EulerOS-SA-2020-1870)", "description": "According to the versions of the nasm package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Netwide assembler (NASM) 2.14 rc15 in asm/preproc. C\n the expand_mmac_params a heap-based buffer, the buffer\n read is insufficient, lead to insufficient\n input.(CVE-2018-19214)\n\n - Netwide Assembler (NASM) before 2.13.02 has a\n use-after-free in detoken at\n asm/preproc.c(CVE-2018-19216)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2020-08-28T00:00:00", "modified": "2020-08-28T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/139973", "reporter": "This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://www.nessus.org/u?d1689a39"], "cvelist": ["CVE-2018-19214", "CVE-2018-19216"], "type": "nessus", "lastseen": "2021-01-07T09:05:44", "edition": 4, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-19214", "CVE-2018-19216"]}, {"type": "nessus", "idList": ["OPENSUSE-2020-952.NASL", "EULEROS_SA-2020-2434.NASL", "EULEROS_SA-2020-2556.NASL", "EULEROS_SA-2020-2416.NASL", "SUSE_SU-2020-1843-1.NASL", "OPENSUSE-2020-954.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0954-1", "OPENSUSE-SU-2020:0952-1"]}], "modified": "2021-01-07T09:05:44", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2021-01-07T09:05:44", "rev": 2}, "vulnersScore": 4.7}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139973);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-19214\",\n \"CVE-2018-19216\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : nasm (EulerOS-SA-2020-1870)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the nasm package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Netwide assembler (NASM) 2.14 rc15 in asm/preproc. 
C\n the expand_mmac_params a heap-based buffer, the buffer\n read is insufficient, lead to insufficient\n input.(CVE-2018-19214)\n\n - Netwide Assembler (NASM) before 2.13.02 has a\n use-after-free in detoken at\n asm/preproc.c(CVE-2018-19216)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1870\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d1689a39\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nasm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nasm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"nasm-2.13.03-2.h3.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nasm\");\n}\n", "naslFamily": "Huawei Local Security Checks", "pluginID": "139973", "cpe": ["p-cpe:/a:huawei:euleros:nasm", "cpe:/o:huawei:euleros:2.0"], "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "scheme": null}
{"cve": [{"lastseen": "2020-12-09T20:25:39", "description": "Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-12T19:29:00", "title": "CVE-2018-19216", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19216"], "modified": "2020-07-13T21:15:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-19216", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19216", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:17", "description": "Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", 
"attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-12T19:29:00", "title": "CVE-2018-19214", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19214"], "modified": "2020-07-13T21:15:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/a:nasm:netwide_assembler:12.14", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "CVE-2018-19214", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19214", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:nasm:netwide_assembler:12.14:rc15:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-07T09:07:01", "description": "According to the versions of the nasm package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Netwide Assembler (NASM) 2.14rc16 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for the special cases of the % and $ and !\n characters.(CVE-2018-19216)\n\n - Netwide Assembler (NASM) 2.14rc16 has a heap-based\n buffer over-read in 
expand_mmac_params in asm/preproc.c\n for the special cases of the % and $ and !\n characters.(CVE-2018-19215)\n\n - Netwide Assembler (NASM) 2.14rc15 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for insufficient input.(CVE-2018-19214)\n\n - Netwide Assembler (NASM) 2.13.02rc2 has a stack-based\n buffer under-read in the function ieee_shr in\n asm/float.c via a large shift value.(CVE-2018-8882)\n\n - Netwide Assembler (NASM) 2.14rc0 has a division-by-zero\n vulnerability in the expr5 function in asm/eval.c via a\n malformed input file.(CVE-2018-10016)\n\n - Netwide Assembler (NASM) 2.14rc0 has an endless while\n loop in the assemble_file function of asm/nasm.c\n because of a globallineno integer\n overflow.(CVE-2018-10316)\n\n - NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and\n earlier contains a memory corruption (crashed) of nasm\n when handling a crafted file due to function\n assemble_file(inname, depend_ptr) at asm/nasm.c:482.\n vulnerability in function assemble_file(inname,\n depend_ptr) at asm/nasm.c:482. that can result in\n aborting/crash nasm program. This attack appear to be\n exploitable via a specially crafted asm\n file..(CVE-2018-1000667)\n\n - There is an illegal address access at asm/preproc.c\n (function: is_mmacro) in Netwide Assembler (NASM)\n 2.14rc16 that will cause a denial of service\n (out-of-bounds array access) because a certain\n conversion can result in a negative\n integer.(CVE-2018-19755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-03T00:00:00", "title": "EulerOS 2.0 SP9 : nasm (EulerOS-SA-2020-2416)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10016", "CVE-2018-19215", "CVE-2018-8882", "CVE-2018-19755", "CVE-2018-10316", "CVE-2018-19214", "CVE-2018-19216", "CVE-2018-1000667"], "modified": "2020-11-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:nasm", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2416.NASL", "href": "https://www.tenable.com/plugins/nessus/142279", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142279);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-1000667\",\n \"CVE-2018-10016\",\n \"CVE-2018-10316\",\n \"CVE-2018-19214\",\n \"CVE-2018-19215\",\n \"CVE-2018-19216\",\n \"CVE-2018-19755\",\n \"CVE-2018-8882\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : nasm (EulerOS-SA-2020-2416)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the nasm package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Netwide Assembler (NASM) 2.14rc16 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for the special cases of the % and $ and !\n characters.(CVE-2018-19216)\n\n - Netwide Assembler (NASM) 2.14rc16 has a heap-based\n buffer over-read in expand_mmac_params in 
asm/preproc.c\n for the special cases of the % and $ and !\n characters.(CVE-2018-19215)\n\n - Netwide Assembler (NASM) 2.14rc15 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for insufficient input.(CVE-2018-19214)\n\n - Netwide Assembler (NASM) 2.13.02rc2 has a stack-based\n buffer under-read in the function ieee_shr in\n asm/float.c via a large shift value.(CVE-2018-8882)\n\n - Netwide Assembler (NASM) 2.14rc0 has a division-by-zero\n vulnerability in the expr5 function in asm/eval.c via a\n malformed input file.(CVE-2018-10016)\n\n - Netwide Assembler (NASM) 2.14rc0 has an endless while\n loop in the assemble_file function of asm/nasm.c\n because of a globallineno integer\n overflow.(CVE-2018-10316)\n\n - NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and\n earlier contains a memory corruption (crashed) of nasm\n when handling a crafted file due to function\n assemble_file(inname, depend_ptr) at asm/nasm.c:482.\n vulnerability in function assemble_file(inname,\n depend_ptr) at asm/nasm.c:482. that can result in\n aborting/crash nasm program. This attack appear to be\n exploitable via a specially crafted asm\n file..(CVE-2018-1000667)\n\n - There is an illegal address access at asm/preproc.c\n (function: is_mmacro) in Netwide Assembler (NASM)\n 2.14rc16 that will cause a denial of service\n (out-of-bounds array access) because a certain\n conversion can result in a negative\n integer.(CVE-2018-19755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2416\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cae3c913\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nasm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nasm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"nasm-2.13.03-5.h4.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nasm\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:07:02", "description": "According to the versions of the nasm package installed, the EulerOS\ninstallation on the remote host is affected by the 
following\nvulnerabilities :\n\n - Netwide Assembler (NASM) 2.14rc16 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for the special cases of the % and $ and !\n characters.(CVE-2018-19216)\n\n - Netwide Assembler (NASM) 2.14rc16 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for the special cases of the % and $ and !\n characters.(CVE-2018-19215)\n\n - Netwide Assembler (NASM) 2.14rc15 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for insufficient input.(CVE-2018-19214)\n\n - Netwide Assembler (NASM) 2.13.02rc2 has a stack-based\n buffer under-read in the function ieee_shr in\n asm/float.c via a large shift value.(CVE-2018-8882)\n\n - Netwide Assembler (NASM) 2.14rc0 has a division-by-zero\n vulnerability in the expr5 function in asm/eval.c via a\n malformed input file.(CVE-2018-10016)\n\n - Netwide Assembler (NASM) 2.14rc0 has an endless while\n loop in the assemble_file function of asm/nasm.c\n because of a globallineno integer\n overflow.(CVE-2018-10316)\n\n - NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and\n earlier contains a memory corruption (crashed) of nasm\n when handling a crafted file due to function\n assemble_file(inname, depend_ptr) at asm/nasm.c:482.\n vulnerability in function assemble_file(inname,\n depend_ptr) at asm/nasm.c:482. that can result in\n aborting/crash nasm program. This attack appear to be\n exploitable via a specially crafted asm\n file..(CVE-2018-1000667)\n\n - There is an illegal address access at asm/preproc.c\n (function: is_mmacro) in Netwide Assembler (NASM)\n 2.14rc16 that will cause a denial of service\n (out-of-bounds array access) because a certain\n conversion can result in a negative\n integer.(CVE-2018-19755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-03T00:00:00", "title": "EulerOS : nasm (EulerOS-SA-2020-2434)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10016", "CVE-2018-19215", "CVE-2018-8882", "CVE-2018-19755", "CVE-2018-10316", "CVE-2018-19214", "CVE-2018-19216", "CVE-2018-1000667"], "modified": "2020-11-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:nasm", "cpe:/o:huawei:euleros:"], "id": "EULEROS_SA-2020-2434.NASL", "href": "https://www.tenable.com/plugins/nessus/142355", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142355);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-1000667\",\n \"CVE-2018-10016\",\n \"CVE-2018-10316\",\n \"CVE-2018-19214\",\n \"CVE-2018-19215\",\n \"CVE-2018-19216\",\n \"CVE-2018-19755\",\n \"CVE-2018-8882\"\n );\n\n script_name(english:\"EulerOS : nasm (EulerOS-SA-2020-2434)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the nasm package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Netwide Assembler (NASM) 2.14rc16 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for the special cases of the % and $ and !\n characters.(CVE-2018-19216)\n\n - Netwide Assembler (NASM) 2.14rc16 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for the 
special cases of the % and $ and !\n characters.(CVE-2018-19215)\n\n - Netwide Assembler (NASM) 2.14rc15 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for insufficient input.(CVE-2018-19214)\n\n - Netwide Assembler (NASM) 2.13.02rc2 has a stack-based\n buffer under-read in the function ieee_shr in\n asm/float.c via a large shift value.(CVE-2018-8882)\n\n - Netwide Assembler (NASM) 2.14rc0 has a division-by-zero\n vulnerability in the expr5 function in asm/eval.c via a\n malformed input file.(CVE-2018-10016)\n\n - Netwide Assembler (NASM) 2.14rc0 has an endless while\n loop in the assemble_file function of asm/nasm.c\n because of a globallineno integer\n overflow.(CVE-2018-10316)\n\n - NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and\n earlier contains a memory corruption (crashed) of nasm\n when handling a crafted file due to function\n assemble_file(inname, depend_ptr) at asm/nasm.c:482.\n vulnerability in function assemble_file(inname,\n depend_ptr) at asm/nasm.c:482. that can result in\n aborting/crash nasm program. This attack appear to be\n exploitable via a specially crafted asm\n file..(CVE-2018-1000667)\n\n - There is an illegal address access at asm/preproc.c\n (function: is_mmacro) in Netwide Assembler (NASM)\n 2.14rc16 that will cause a denial of service\n (out-of-bounds array access) because a certain\n conversion can result in a negative\n integer.(CVE-2018-19755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2434\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e5449816\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nasm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nasm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release (\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS \");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"nasm-2.13.03-5.h4.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nasm\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-14T11:58:59", "description": "This update for nasm fixes the following issues :\n\nnasm was updated to version 2.14.02.\n\nThis allows building of Mozilla Firefox 78ESR and also contains lots\nof bugfixes, security fixes and improvements.\n\n - Fix crash due to multiple errors or 
warnings during the\n code generation pass if a list file is specified.\n\n - Create all system-defined macros before processing\n command-line given preprocessing directives (-p, -d, -u,\n --pragma, --before).\n\n - If debugging is enabled, define a __DEBUG_FORMAT__\n predefined macro. See section 4.11.7.\n\n - Fix an assert for the case in the obj format when a SEG\n operator refers to an EXTERN symbol declared further\n down in the code.\n\n - Fix a corner case in the floating-point code where a\n binary, octal or hexadecimal floating-point having at\n least 32, 11, or 8 mantissa digits could produce\n slightly incorrect results under very specific\n conditions.\n\n - Support -MD without a filename, for gcc compatibility.\n -MF can be used to set the dependencies output filename.\n See section 2.1.7.\n\n - Fix -E in combination with -MD. See section 2.1.21.\n\n - Fix missing errors on redefined labels; would cause\n convergence failure instead which is very slow and not\n easy to debug.\n\n - Duplicate definitions of the same label with the same\n value is now explicitly permitted (2.14 would allow it\n in some circumstances.)\n\n - Add the option --no-line to ignore %line directives in\n the source. 
See section 2.1.33 and section 4.10.1.\n\n - Changed -I option semantics by adding a trailing path\n separator unconditionally.\n\n - Fixed null dereference in corrupted invalid single line\n macros.\n\n - Fixed division by zero which may happen if source code\n is malformed.\n\n - Fixed out of bound access in processing of malformed\n segment override.\n\n - Fixed out of bound access in certain EQU parsing.\n\n - Fixed buffer underflow in float parsing.\n\n - Added SGX (Intel Software Guard Extensions)\n instructions.\n\n - Added +n syntax for multiple contiguous registers.\n\n - Fixed subsections_via_symbols for macho object format.\n\n - Added the --gprefix, --gpostfix, --lprefix, and\n --lpostfix command line options, to allow command line\n base symbol renaming. See section 2.1.28.\n\n - Allow label renaming to be specified by %pragma in\n addition to from the command line. See section 6.9.\n\n - Supported generic %pragma namespaces, output and debug.\n See section 6.10.\n\n - Added the --pragma command line option to inject a\n %pragma directive. See section 2.1.29.\n\n - Added the --before command line option to accept\n preprocess statement before input. See section 2.1.30.\n\n - Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI\n (Vector Neural Network), BITALG (Bit Algorithm), and\n GFNI (Galois Field New Instruction) instructions.\n\n - Added the STATIC directive for local symbols that should\n be renamed using global-symbol rules. See section 6.8.\n\n - Allow a symbol to be defined as EXTERN and then later\n overridden as GLOBAL or COMMON. Furthermore, a symbol\n declared EXTERN and then defined will be treated as\n GLOBAL. See section 6.5.\n\n - The GLOBAL directive no longer is required to precede\n the definition of the symbol.\n\n - Support private_extern as macho specific extension to\n the GLOBAL directive. 
See section 7.8.5.\n\n - Updated UD0 encoding to match with the specification\n\n - Added the --limit-X command line option to set execution\n limits. See section 2.1.31.\n\n - Updated the Codeview version number to be aligned with\n MASM.\n\n - Added the --keep-all command line option to preserve\n output files. See section 2.1.32.\n\n - Added the --include command line option, an alias to -P\n (section 2.1.18).\n\n - Added the --help command line option as an alias to -h\n (section 3.1).\n\n - Added -W, -D, and -Q suffix aliases for RET instructions\n so the operand sizes of these instructions can be\n encoded without using o16, o32 or o64.\n\nNew upstream version 2.13.03 :\n\n - Add flags: AES, VAES, VPCLMULQDQ\n\n - Add VPCLMULQDQ instruction\n\n - elf: Add missing dwarf loc section\n\n - documentation updates This update was imported from the\n SUSE:SLE-15:Update update project.", "edition": 3, "cvss3": {"score": 7.3, "vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-20T00:00:00", "title": "openSUSE Security Update : nasm (openSUSE-2020-952)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10016", "CVE-2018-19215", "CVE-2018-16517", "CVE-2018-16382", "CVE-2018-8883", "CVE-2018-8882", "CVE-2018-10254", "CVE-2018-10316", "CVE-2018-19214", "CVE-2018-16999", "CVE-2018-19216", "CVE-2018-1000667", "CVE-2018-8881"], "modified": "2020-07-20T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:nasm-debugsource", "p-cpe:/a:novell:opensuse:nasm-debuginfo", "p-cpe:/a:novell:opensuse:nasm"], "id": "OPENSUSE-2020-952.NASL", "href": "https://www.tenable.com/plugins/nessus/138733", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-952.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138733);\n 
script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2018-1000667\", \"CVE-2018-10016\", \"CVE-2018-10254\", \"CVE-2018-10316\", \"CVE-2018-16382\", \"CVE-2018-16517\", \"CVE-2018-16999\", \"CVE-2018-19214\", \"CVE-2018-19215\", \"CVE-2018-19216\", \"CVE-2018-8881\", \"CVE-2018-8882\", \"CVE-2018-8883\");\n\n script_name(english:\"openSUSE Security Update : nasm (openSUSE-2020-952)\");\n script_summary(english:\"Check for the openSUSE-2020-952 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for nasm fixes the following issues :\n\nnasm was updated to version 2.14.02.\n\nThis allows building of Mozilla Firefox 78ESR and also contains lots\nof bugfixes, security fixes and improvements.\n\n - Fix crash due to multiple errors or warnings during the\n code generation pass if a list file is specified.\n\n - Create all system-defined macros defore processing\n command-line given preprocessing directives (-p, -d, -u,\n --pragma, --before).\n\n - If debugging is enabled, define a __DEBUG_FORMAT__\n predefined macro. See section 4.11.7.\n\n - Fix an assert for the case in the obj format when a SEG\n operator refers to an EXTERN symbol declared further\n down in the code.\n\n - Fix a corner case in the floating-point code where a\n binary, octal or hexadecimal floating-point having at\n least 32, 11, or 8 mantissa digits could produce\n slightly incorrect results under very specific\n conditions.\n\n - Support -MD without a filename, for gcc compatibility.\n -MF can be used to set the dependencies output filename.\n See section 2.1.7.\n\n - Fix -E in combination with -MD. 
See section 2.1.21.\n\n - Fix missing errors on redefined labels; would cause\n convergence failure instead which is very slow and not\n easy to debug.\n\n - Duplicate definitions of the same label with the same\n value is now explicitly permitted (2.14 would allow it\n in some circumstances.)\n\n - Add the option --no-line to ignore %line directives in\n the source. See section 2.1.33 and section 4.10.1.\n\n - Changed -I option semantics by adding a trailing path\n separator unconditionally.\n\n - Fixed null dereference in corrupted invalid single line\n macros.\n\n - Fixed division by zero which may happen if source code\n is malformed.\n\n - Fixed out of bound access in processing of malformed\n segment override.\n\n - Fixed out of bound access in certain EQU parsing.\n\n - Fixed buffer underflow in float parsing.\n\n - Added SGX (Intel Software Guard Extensions)\n instructions.\n\n - Added +n syntax for multiple contiguous registers.\n\n - Fixed subsections_via_symbols for macho object format.\n\n - Added the --gprefix, --gpostfix, --lprefix, and\n --lpostfix command line options, to allow command line\n base symbol renaming. See section 2.1.28.\n\n - Allow label renaming to be specified by %pragma in\n addition to from the command line. See section 6.9.\n\n - Supported generic %pragma namespaces, output and debug.\n See section 6.10.\n\n - Added the --pragma command line option to inject a\n %pragma directive. See section 2.1.29.\n\n - Added the --before command line option to accept\n preprocess statement before input. See section 2.1.30.\n\n - Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI\n (Vector Neural Network), BITALG (Bit Algorithm), and\n GFNI (Galois Field New Instruction) instructions.\n\n - Added the STATIC directive for local symbols that should\n be renamed using global-symbol rules. See section 6.8.\n\n - Allow a symbol to be defined as EXTERN and then later\n overridden as GLOBAL or COMMON. 
Furthermore, a symbol\n declared EXTERN and then defined will be treated as\n GLOBAL. See section 6.5.\n\n - The GLOBAL directive no longer is required to precede\n the definition of the symbol.\n\n - Support private_extern as macho specific extension to\n the GLOBAL directive. See section 7.8.5.\n\n - Updated UD0 encoding to match with the specification\n\n - Added the --limit-X command line option to set execution\n limits. See section 2.1.31.\n\n - Updated the Codeview version number to be aligned with\n MASM.\n\n - Added the --keep-all command line option to preserve\n output files. See section 2.1.32.\n\n - Added the --include command line option, an alias to -P\n (section 2.1.18).\n\n - Added the --help command line option as an alias to -h\n (section 3.1).\n\n - Added -W, -D, and -Q suffix aliases for RET instructions\n so the operand sizes of these instructions can be\n encoded without using o16, o32 or o64.\n\nNew upstream version 2.13.03 :\n\n - Add flags: AES, VAES, VPCLMULQDQ\n\n - Add VPCLMULQDQ instruction\n\n - elf: Add missing dwarf loc section\n\n - documentation updates This update was imported from the\n SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173538\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected nasm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8881\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nasm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nasm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nasm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nasm-2.14.02-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nasm-debuginfo-2.14.02-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nasm-debugsource-2.14.02-lp151.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nasm 
/ nasm-debuginfo / nasm-debugsource\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-14T13:13:59", "description": "This update for nasm fixes the following issues :\n\nnasm was updated to version 2.14.02.\n\nThis allows building of Mozilla Firefox 78ESR and also contains lots\nof bugfixes, security fixes and improvements.\n\nFix crash due to multiple errors or warnings during the code\ngeneration pass if a list file is specified.\n\nCreate all system-defined macros before processing command-line given\npreprocessing directives (-p, -d, -u, --pragma, --before).\n\nIf debugging is enabled, define a __DEBUG_FORMAT__ predefined macro.\nSee section 4.11.7.\n\nFix an assert for the case in the obj format when a SEG operator\nrefers to an EXTERN symbol declared further down in the code.\n\nFix a corner case in the floating-point code where a binary, octal or\nhexadecimal floating-point having at least 32, 11, or 8 mantissa\ndigits could produce slightly incorrect results under very specific\nconditions.\n\nSupport -MD without a filename, for gcc compatibility. -MF can be used\nto set the dependencies output filename. See section 2.1.7.\n\nFix -E in combination with -MD. See section 2.1.21.\n\nFix missing errors on redefined labels; would cause convergence\nfailure instead which is very slow and not easy to debug.\n\nDuplicate definitions of the same label with the same value is now\nexplicitly permitted (2.14 would allow it in some circumstances.)\n\nAdd the option --no-line to ignore %line directives in the source. 
See\nsection 2.1.33 and section 4.10.1.\n\nChanged -I option semantics by adding a trailing path separator\nunconditionally.\n\nFixed null dereference in corrupted invalid single line macros.\n\nFixed division by zero which may happen if source code is malformed.\n\nFixed out of bound access in processing of malformed segment override.\n\nFixed out of bound access in certain EQU parsing.\n\nFixed buffer underflow in float parsing.\n\nAdded SGX (Intel Software Guard Extensions) instructions.\n\nAdded +n syntax for multiple contiguous registers.\n\nFixed subsections_via_symbols for macho object format.\n\nAdded the --gprefix, --gpostfix, --lprefix, and --lpostfix command\nline options, to allow command line base symbol renaming. See section\n2.1.28.\n\nAllow label renaming to be specified by %pragma in addition to from\nthe command line. See section 6.9.\n\nSupported generic %pragma namespaces, output and debug. See section\n6.10.\n\nAdded the --pragma command line option to inject a %pragma directive.\nSee section 2.1.29.\n\nAdded the --before command line option to accept preprocess statement\nbefore input. See section 2.1.30.\n\nAdded AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural\nNetwork), BITALG (Bit Algorithm), and GFNI (Galois Field New\nInstruction) instructions.\n\nAdded the STATIC directive for local symbols that should be renamed\nusing global-symbol rules. See section 6.8.\n\nAllow a symbol to be defined as EXTERN and then later overridden as\nGLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then\ndefined will be treated as GLOBAL. See section 6.5.\n\nThe GLOBAL directive no longer is required to precede the definition\nof the symbol.\n\nSupport private_extern as macho specific extension to the GLOBAL\ndirective. See section 7.8.5.\n\nUpdated UD0 encoding to match with the specification\n\nAdded the --limit-X command line option to set execution limits. 
See\nsection 2.1.31.\n\nUpdated the Codeview version number to be aligned with MASM.\n\nAdded the --keep-all command line option to preserve output files. See\nsection 2.1.32.\n\nAdded the --include command line option, an alias to -P (section\n2.1.18).\n\nAdded the --help command line option as an alias to -h (section 3.1).\n\nAdded -W, -D, and -Q suffix aliases for RET instructions so the\noperand sizes of these instructions can be encoded without using o16,\no32 or o64.\n\nNew upstream version 2.13.03 :\n\nAdd flags: AES, VAES, VPCLMULQDQ\n\nAdd VPCLMULQDQ instruction\n\nelf: Add missing dwarf loc section\n\ndocumentation updates\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 3, "cvss3": {"score": 7.3, "vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-09T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : nasm (SUSE-SU-2020:1843-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10016", "CVE-2018-19215", "CVE-2018-16517", "CVE-2018-16382", "CVE-2018-8883", "CVE-2018-8882", "CVE-2018-10254", "CVE-2018-10316", "CVE-2018-19214", "CVE-2018-16999", "CVE-2018-19216", "CVE-2018-1000667", "CVE-2018-8881"], "modified": "2020-07-09T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:nasm-debugsource", "p-cpe:/a:novell:suse_linux:nasm", "p-cpe:/a:novell:suse_linux:nasm-debuginfo"], "id": "SUSE_SU-2020-1843-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138316", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1843-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138316);\n 
script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2018-1000667\", \"CVE-2018-10016\", \"CVE-2018-10254\", \"CVE-2018-10316\", \"CVE-2018-16382\", \"CVE-2018-16517\", \"CVE-2018-16999\", \"CVE-2018-19214\", \"CVE-2018-19215\", \"CVE-2018-19216\", \"CVE-2018-8881\", \"CVE-2018-8882\", \"CVE-2018-8883\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : nasm (SUSE-SU-2020:1843-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for nasm fixes the following issues :\n\nnasm was updated to version 2.14.02.\n\nThis allows building of Mozilla Firefox 78ESR and also contains lots\nof bugfixes, security fixes and improvements.\n\nFix crash due to multiple errors or warnings during the code\ngeneration pass if a list file is specified.\n\nCreate all system-defined macros defore processing command-line given\npreprocessing directives (-p, -d, -u, --pragma, --before).\n\nIf debugging is enabled, define a __DEBUG_FORMAT__ predefined macro.\nSee section 4.11.7.\n\nFix an assert for the case in the obj format when a SEG operator\nrefers to an EXTERN symbol declared further down in the code.\n\nFix a corner case in the floating-point code where a binary, octal or\nhexadecimal floating-point having at least 32, 11, or 8 mantissa\ndigits could produce slightly incorrect results under very specific\nconditions.\n\nSupport -MD without a filename, for gcc compatibility. -MF can be used\nto set the dependencies output filename. See section 2.1.7.\n\nFix -E in combination with -MD. 
See section 2.1.21.\n\nFix missing errors on redefined labels; would cause convergence\nfailure instead which is very slow and not easy to debug.\n\nDuplicate definitions of the same label with the same value is now\nexplicitly permitted (2.14 would allow it in some circumstances.)\n\nAdd the option --no-line to ignore %line directives in the source. See\nsection 2.1.33 and section 4.10.1.\n\nChanged -I option semantics by adding a trailing path separator\nunconditionally.\n\nFixed null dereference in corrupted invalid single line macros.\n\nFixed division by zero which may happen if source code is malformed.\n\nFixed out of bound access in processing of malformed segment override.\n\nFixed out of bound access in certain EQU parsing.\n\nFixed buffer underflow in float parsing.\n\nAdded SGX (Intel Software Guard Extensions) instructions.\n\nAdded +n syntax for multiple contiguous registers.\n\nFixed subsections_via_symbols for macho object format.\n\nAdded the --gprefix, --gpostfix, --lprefix, and --lpostfix command\nline options, to allow command line base symbol renaming. See section\n2.1.28.\n\nAllow label renaming to be specified by %pragma in addition to from\nthe command line. See section 6.9.\n\nSupported generic %pragma namespaces, output and debug. See section\n6.10.\n\nAdded the --pragma command line option to inject a %pragma directive.\nSee section 2.1.29.\n\nAdded the --before command line option to accept preprocess statement\nbefore input. See section 2.1.30.\n\nAdded AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural\nNetwork), BITALG (Bit Algorithm), and GFNI (Galois Field New\nInstruction) instructions.\n\nAdded the STATIC directive for local symbols that should be renamed\nusing global-symbol rules. See section 6.8.\n\nAllow a symbol to be defined as EXTERN and then later overridden as\nGLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then\ndefined will be treated as GLOBAL. 
See section 6.5.\n\nThe GLOBAL directive no longer is required to precede the definition\nof the symbol.\n\nSupport private_extern as macho specific extension to the GLOBAL\ndirective. See section 7.8.5.\n\nUpdated UD0 encoding to match with the specification\n\nAdded the --limit-X command line option to set execution limits. See\nsection 2.1.31.\n\nUpdated the Codeview version number to be aligned with MASM.\n\nAdded the --keep-all command line option to preserve output files. See\nsection 2.1.32.\n\nAdded the --include command line option, an alias to -P (section\n2.1.18).\n\nAdded the --help command line option as an alias to -h (section 3.1).\n\nAdded -W, -D, and -Q suffix aliases for RET instructions so the\noperand sizes of these instructions can be encoded without using o16,\no32 or o64.\n\nNew upstream version 2.13.03 :\n\nAdd flags: AES, VAES, VPCLMULQDQ\n\nAdd VPCLMULQDQ instruction\n\nelf: Add missing dwarf loc section\n\ndocumentation updates\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000667/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10016/\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10254/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10316/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16382/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16517/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16999/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19214/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19215/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19216/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8881/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8883/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201843-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892c4a93\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP2-2020-1843=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t 
patch\nSUSE-SLE-Module-Development-Tools-15-SP1-2020-1843=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8881\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nasm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nasm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nasm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nasm-2.14.02-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nasm-debuginfo-2.14.02-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nasm-debugsource-2.14.02-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"nasm-2.14.02-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"nasm-debuginfo-2.14.02-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"nasm-debugsource-2.14.02-3.4.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"nasm-2.14.02-3.4.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"nasm-debuginfo-2.14.02-3.4.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"nasm-debugsource-2.14.02-3.4.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"nasm-2.14.02-3.4.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"nasm-debuginfo-2.14.02-3.4.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"nasm-debugsource-2.14.02-3.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nasm\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-14T11:59:00", "description": "This update for nasm fixes the following issues :\n\nnasm was updated to version 2.14.02.\n\nThis allows building of Mozilla Firefox 78ESR and also contains lots\nof bugfixes, security fixes and improvements.\n\n - Fix crash due to multiple errors or warnings during the\n code generation pass if a list file is specified.\n\n - 
Create all system-defined macros before processing\n command-line given preprocessing directives (-p, -d, -u,\n --pragma, --before).\n\n - If debugging is enabled, define a __DEBUG_FORMAT__\n predefined macro. See section 4.11.7.\n\n - Fix an assert for the case in the obj format when a SEG\n operator refers to an EXTERN symbol declared further\n down in the code.\n\n - Fix a corner case in the floating-point code where a\n binary, octal or hexadecimal floating-point having at\n least 32, 11, or 8 mantissa digits could produce\n slightly incorrect results under very specific\n conditions.\n\n - Support -MD without a filename, for gcc compatibility.\n -MF can be used to set the dependencies output filename.\n See section 2.1.7.\n\n - Fix -E in combination with -MD. See section 2.1.21.\n\n - Fix missing errors on redefined labels; would cause\n convergence failure instead which is very slow and not\n easy to debug.\n\n - Duplicate definitions of the same label with the same\n value is now explicitly permitted (2.14 would allow it\n in some circumstances.)\n\n - Add the option --no-line to ignore %line directives in\n the source. See section 2.1.33 and section 4.10.1.\n\n - Changed -I option semantics by adding a trailing path\n separator unconditionally.\n\n - Fixed null dereference in corrupted invalid single line\n macros.\n\n - Fixed division by zero which may happen if source code\n is malformed.\n\n - Fixed out of bound access in processing of malformed\n segment override.\n\n - Fixed out of bound access in certain EQU parsing.\n\n - Fixed buffer underflow in float parsing.\n\n - Added SGX (Intel Software Guard Extensions)\n instructions.\n\n - Added +n syntax for multiple contiguous registers.\n\n - Fixed subsections_via_symbols for macho object format.\n\n - Added the --gprefix, --gpostfix, --lprefix, and\n --lpostfix command line options, to allow command line\n base symbol renaming. 
See section 2.1.28.\n\n - Allow label renaming to be specified by %pragma in\n addition to from the command line. See section 6.9.\n\n - Supported generic %pragma namespaces, output and debug.\n See section 6.10.\n\n - Added the --pragma command line option to inject a\n %pragma directive. See section 2.1.29.\n\n - Added the --before command line option to accept\n preprocess statement before input. See section 2.1.30.\n\n - Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI\n (Vector Neural Network), BITALG (Bit Algorithm), and\n GFNI (Galois Field New Instruction) instructions.\n\n - Added the STATIC directive for local symbols that should\n be renamed using global-symbol rules. See section 6.8.\n\n - Allow a symbol to be defined as EXTERN and then later\n overridden as GLOBAL or COMMON. Furthermore, a symbol\n declared EXTERN and then defined will be treated as\n GLOBAL. See section 6.5.\n\n - The GLOBAL directive no longer is required to precede\n the definition of the symbol.\n\n - Support private_extern as macho specific extension to\n the GLOBAL directive. See section 7.8.5.\n\n - Updated UD0 encoding to match with the specification\n\n - Added the --limit-X command line option to set execution\n limits. See section 2.1.31.\n\n - Updated the Codeview version number to be aligned with\n MASM.\n\n - Added the --keep-all command line option to preserve\n output files. 
See section 2.1.32.\n\n - Added the --include command line option, an alias to -P\n (section 2.1.18).\n\n - Added the --help command line option as an alias to -h\n (section 3.1).\n\n - Added -W, -D, and -Q suffix aliases for RET instructions\n so the operand sizes of these instructions can be\n encoded without using o16, o32 or o64.\n\nNew upstream version 2.13.03 :\n\n - Add flags: AES, VAES, VPCLMULQDQ\n\n - Add VPCLMULQDQ instruction\n\n - elf: Add missing dwarf loc section\n\n - documentation updates This update was imported from the\n SUSE:SLE-15:Update update project.", "edition": 3, "cvss3": {"score": 7.3, "vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-20T00:00:00", "title": "openSUSE Security Update : nasm (openSUSE-2020-954)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10016", "CVE-2018-19215", "CVE-2018-16517", "CVE-2018-16382", "CVE-2018-8883", "CVE-2018-8882", "CVE-2018-10254", "CVE-2018-10316", "CVE-2018-19214", "CVE-2018-16999", "CVE-2018-19216", "CVE-2018-1000667", "CVE-2018-8881"], "modified": "2020-07-20T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:nasm-debugsource", "p-cpe:/a:novell:opensuse:nasm-debuginfo", "p-cpe:/a:novell:opensuse:nasm"], "id": "OPENSUSE-2020-954.NASL", "href": "https://www.tenable.com/plugins/nessus/138735", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-954.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138735);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2018-1000667\", \"CVE-2018-10016\", \"CVE-2018-10254\", \"CVE-2018-10316\", \"CVE-2018-16382\", \"CVE-2018-16517\", \"CVE-2018-16999\", \"CVE-2018-19214\", \"CVE-2018-19215\", \"CVE-2018-19216\", 
\"CVE-2018-8881\", \"CVE-2018-8882\", \"CVE-2018-8883\");\n\n script_name(english:\"openSUSE Security Update : nasm (openSUSE-2020-954)\");\n script_summary(english:\"Check for the openSUSE-2020-954 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for nasm fixes the following issues :\n\nnasm was updated to version 2.14.02.\n\nThis allows building of Mozilla Firefox 78ESR and also contains lots\nof bugfixes, security fixes and improvements.\n\n - Fix crash due to multiple errors or warnings during the\n code generation pass if a list file is specified.\n\n - Create all system-defined macros defore processing\n command-line given preprocessing directives (-p, -d, -u,\n --pragma, --before).\n\n - If debugging is enabled, define a __DEBUG_FORMAT__\n predefined macro. See section 4.11.7.\n\n - Fix an assert for the case in the obj format when a SEG\n operator refers to an EXTERN symbol declared further\n down in the code.\n\n - Fix a corner case in the floating-point code where a\n binary, octal or hexadecimal floating-point having at\n least 32, 11, or 8 mantissa digits could produce\n slightly incorrect results under very specific\n conditions.\n\n - Support -MD without a filename, for gcc compatibility.\n -MF can be used to set the dependencies output filename.\n See section 2.1.7.\n\n - Fix -E in combination with -MD. See section 2.1.21.\n\n - Fix missing errors on redefined labels; would cause\n convergence failure instead which is very slow and not\n easy to debug.\n\n - Duplicate definitions of the same label with the same\n value is now explicitly permitted (2.14 would allow it\n in some circumstances.)\n\n - Add the option --no-line to ignore %line directives in\n the source. 
See section 2.1.33 and section 4.10.1.\n\n - Changed -I option semantics by adding a trailing path\n separator unconditionally.\n\n - Fixed null dereference in corrupted invalid single line\n macros.\n\n - Fixed division by zero which may happen if source code\n is malformed.\n\n - Fixed out of bound access in processing of malformed\n segment override.\n\n - Fixed out of bound access in certain EQU parsing.\n\n - Fixed buffer underflow in float parsing.\n\n - Added SGX (Intel Software Guard Extensions)\n instructions.\n\n - Added +n syntax for multiple contiguous registers.\n\n - Fixed subsections_via_symbols for macho object format.\n\n - Added the --gprefix, --gpostfix, --lprefix, and\n --lpostfix command line options, to allow command line\n base symbol renaming. See section 2.1.28.\n\n - Allow label renaming to be specified by %pragma in\n addition to from the command line. See section 6.9.\n\n - Supported generic %pragma namespaces, output and debug.\n See section 6.10.\n\n - Added the --pragma command line option to inject a\n %pragma directive. See section 2.1.29.\n\n - Added the --before command line option to accept\n preprocess statement before input. See section 2.1.30.\n\n - Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI\n (Vector Neural Network), BITALG (Bit Algorithm), and\n GFNI (Galois Field New Instruction) instructions.\n\n - Added the STATIC directive for local symbols that should\n be renamed using global-symbol rules. See section 6.8.\n\n - Allow a symbol to be defined as EXTERN and then later\n overridden as GLOBAL or COMMON. Furthermore, a symbol\n declared EXTERN and then defined will be treated as\n GLOBAL. See section 6.5.\n\n - The GLOBAL directive no longer is required to precede\n the definition of the symbol.\n\n - Support private_extern as macho specific extension to\n the GLOBAL directive. 
See section 7.8.5.\n\n - Updated UD0 encoding to match with the specification\n\n - Added the --limit-X command line option to set execution\n limits. See section 2.1.31.\n\n - Updated the Codeview version number to be aligned with\n MASM.\n\n - Added the --keep-all command line option to preserve\n output files. See section 2.1.32.\n\n - Added the --include command line option, an alias to -P\n (section 2.1.18).\n\n - Added the --help command line option as an alias to -h\n (section 3.1).\n\n - Added -W, -D, and -Q suffix aliases for RET instructions\n so the operand sizes of these instructions can be\n encoded without using o16, o32 or o64.\n\nNew upstream version 2.13.03 :\n\n - Add flags: AES, VAES, VPCLMULQDQ\n\n - Add VPCLMULQDQ instruction\n\n - elf: Add missing dwarf loc section\n\n - documentation updates This update was imported from the\n SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107594\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173538\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected nasm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8881\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nasm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nasm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nasm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"nasm-2.14.02-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"nasm-debuginfo-2.14.02-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"nasm-debugsource-2.14.02-lp152.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nasm / nasm-debuginfo / nasm-debugsource\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:07:12", "description": "According to the versions of the nasm package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - NASM 
nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and\n earlier contains a memory corruption (crashed) of nasm\n when handling a crafted file due to function\n assemble_file(inname, depend_ptr) at asm/nasm.c:482.\n vulnerability in function assemble_file(inname,\n depend_ptr) at asm/nasm.c:482. that can result in\n aborting/crash nasm program. This attack appears to be\n exploitable via a specially crafted asm\n file.(CVE-2018-1000667)\n\n - Netwide Assembler (NASM) 2.14rc0 has a division-by-zero\n vulnerability in the expr5 function in asm/eval.c via a\n malformed input file.(CVE-2018-10016)\n\n - Netwide Assembler (NASM) 2.14rc0 has an endless while\n loop in the assemble_file function of asm/nasm.c\n because of a globallineno integer\n overflow.(CVE-2018-10316)\n\n - Netwide Assembler (NASM) 2.14rc15 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for insufficient input.(CVE-2018-19214)\n\n - Netwide Assembler (NASM) 2.14rc16 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for the special cases of the % and $ and !\n characters.(CVE-2018-19215)\n\n - There is an illegal address access at asm/preproc.c\n (function: is_mmacro) in Netwide Assembler (NASM)\n 2.14rc16 that will cause a denial of service\n (out-of-bounds array access) because a certain\n conversion can result in a negative\n integer.(CVE-2018-19755)\n\n - Netwide Assembler (NASM) 2.13.02rc2 has a heap-based\n buffer over-read in the function tokenize in\n asm/preproc.c, related to an unterminated\n string.(CVE-2018-8881)\n\n - Netwide Assembler (NASM) 2.13.02rc2 has a stack-based\n buffer under-read in the function ieee_shr in\n asm/float.c via a large shift value.(CVE-2018-8882)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 3, "cvss3": {"score": 7.3, "vector": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-15T00:00:00", "title": "EulerOS 2.0 SP5 : nasm (EulerOS-SA-2020-2556)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10016", "CVE-2018-19215", "CVE-2018-8882", "CVE-2018-19755", "CVE-2018-10316", "CVE-2018-19214", "CVE-2018-1000667", "CVE-2018-8881"], "modified": "2020-12-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:nasm", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2556.NASL", "href": "https://www.tenable.com/plugins/nessus/144219", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144219);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-1000667\",\n \"CVE-2018-10016\",\n \"CVE-2018-10316\",\n \"CVE-2018-19214\",\n \"CVE-2018-19215\",\n \"CVE-2018-19755\",\n \"CVE-2018-8881\",\n \"CVE-2018-8882\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : nasm (EulerOS-SA-2020-2556)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the nasm package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and\n earlier contains a memory corruption (crashed) of nasm\n when handling a crafted file due to function\n assemble_file(inname, depend_ptr) at asm/nasm.c:482.\n vulnerability in function assemble_file(inname,\n depend_ptr) at asm/nasm.c:482. 
that can result in\n aborting/crash nasm program. This attack appear to be\n exploitable via a specially crafted asm\n file..(CVE-2018-1000667)\n\n - Netwide Assembler (NASM) 2.14rc0 has a division-by-zero\n vulnerability in the expr5 function in asm/eval.c via a\n malformed input file.(CVE-2018-10016)\n\n - Netwide Assembler (NASM) 2.14rc0 has an endless while\n loop in the assemble_file function of asm/nasm.c\n because of a globallineno integer\n overflow.(CVE-2018-10316)\n\n - Netwide Assembler (NASM) 2.14rc15 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for insufficient input.(CVE-2018-19214)\n\n - Netwide Assembler (NASM) 2.14rc16 has a heap-based\n buffer over-read in expand_mmac_params in asm/preproc.c\n for the special cases of the % and $ and !\n characters.(CVE-2018-19215)\n\n - There is an illegal address access at asm/preproc.c\n (function: is_mmacro) in Netwide Assembler (NASM)\n 2.14rc16 that will cause a denial of service\n (out-of-bounds array access) because a certain\n conversion can result in a negative\n integer.(CVE-2018-19755)\n\n - Netwide Assembler (NASM) 2.13.02rc2 has a heap-based\n buffer over-read in the function tokenize in\n asm/preproc.c, related to an unterminated\n string.(CVE-2018-8881)\n\n - Netwide Assembler (NASM) 2.13.02rc2 has a stack-based\n buffer under-read in the function ieee_shr in\n asm/float.c via a large shift value.(CVE-2018-8882)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2556\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fff1ed82\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nasm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nasm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"nasm-2.10.07-7.h4.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nasm\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2020-07-13T23:25:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10016", "CVE-2018-19215", "CVE-2018-16517", "CVE-2018-16382", 
"CVE-2018-8883", "CVE-2018-8882", "CVE-2018-10254", "CVE-2018-10316", "CVE-2018-19214", "CVE-2018-16999", "CVE-2018-19216", "CVE-2018-1000667", "CVE-2018-8881"], "description": "This update for nasm fixes the following issues:\n\n nasm was updated to version 2.14.02.\n\n This allows building of Mozilla Firefox 78ESR and also contains lots of\n bugfixes, security fixes and improvements.\n\n * Fix crash due to multiple errors or warnings during the code generation\n pass if a list file is specified.\n * Create all system-defined macros defore processing command-line given\n preprocessing directives (-p, -d, -u, --pragma, --before).\n * If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. See\n section 4.11.7.\n * Fix an assert for the case in the obj format when a SEG operator refers\n to an EXTERN symbol declared further down in the code.\n * Fix a corner case in the floating-point code where a binary, octal or\n hexadecimal floating-point having at least 32, 11, or 8 mantissa digits\n could produce slightly incorrect results under very specific conditions.\n * Support -MD without a filename, for gcc compatibility. -MF can be used\n to set the dependencies output filename. See section 2.1.7.\n * Fix -E in combination with -MD. See section 2.1.21.\n * Fix missing errors on redefined labels; would cause convergence failure\n instead which is very slow and not easy to debug.\n * Duplicate definitions of the same label with the same value is now\n explicitly permitted (2.14 would allow it in some circumstances.)\n * Add the option --no-line to ignore %line directives in the source. 
See\n section 2.1.33 and section 4.10.1.\n * Changed -I option semantics by adding a trailing path separator\n unconditionally.\n * Fixed null dereference in corrupted invalid single line macros.\n * Fixed division by zero which may happen if source code is malformed.\n * Fixed out of bound access in processing of malformed segment override.\n * Fixed out of bound access in certain EQU parsing.\n * Fixed buffer underflow in float parsing.\n * Added SGX (Intel Software Guard Extensions) instructions.\n * Added +n syntax for multiple contiguous registers.\n * Fixed subsections_via_symbols for macho object format.\n * Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line\n options, to allow command line base symbol renaming. See section 2.1.28.\n * Allow label renaming to be specified by %pragma in addition to from the\n command line. See section 6.9.\n * Supported generic %pragma namespaces, output and debug. See section 6.10.\n * Added the --pragma command line option to inject a %pragma directive.\n See section 2.1.29.\n * Added the --before command line option to accept preprocess statement\n before input. See section 2.1.30.\n * Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural\n Network), BITALG (Bit Algorithm), and GFNI (Galois Field New\n Instruction) instructions.\n * Added the STATIC directive for local symbols that should be renamed\n using global-symbol rules. See section 6.8.\n * Allow a symbol to be defined as EXTERN and then later overridden as\n GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined\n will be treated as GLOBAL. See section 6.5.\n * The GLOBAL directive no longer is required to precede the definition of\n the symbol.\n * Support private_extern as macho specific extension to the GLOBAL\n directive. See section 7.8.5.\n * Updated UD0 encoding to match with the specification\n * Added the --limit-X command line option to set execution limits. 
See\n section 2.1.31.\n * Updated the Codeview version number to be aligned with MASM.\n * Added the --keep-all command line option to preserve output files. See\n section 2.1.32.\n * Added the --include command line option, an alias to -P (section 2.1.18).\n * Added the --help command line option as an alias to -h (section 3.1).\n * Added -W, -D, and -Q suffix aliases for RET instructions so the operand\n sizes of these instructions can be encoded without using o16, o32 or o64.\n\n New upstream version 2.13.03:\n\n * Add flags: AES, VAES, VPCLMULQDQ\n * Add VPCLMULQDQ instruction\n * elf: Add missing dwarf loc section\n * documentation updates\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-07-13T21:12:50", "published": "2020-07-13T21:12:50", "id": "OPENSUSE-SU-2020:0954-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", "title": "Security update for nasm (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-13T23:25:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10016", "CVE-2018-19215", "CVE-2018-16517", "CVE-2018-16382", "CVE-2018-8883", "CVE-2018-8882", "CVE-2018-10254", "CVE-2018-10316", "CVE-2018-19214", "CVE-2018-16999", "CVE-2018-19216", "CVE-2018-1000667", "CVE-2018-8881"], "description": "This update for nasm fixes the following issues:\n\n nasm was updated to version 2.14.02.\n\n This allows building of Mozilla Firefox 78ESR and also contains lots of\n bugfixes, security fixes and improvements.\n\n * Fix crash due to multiple errors or warnings during the code generation\n pass if a list file is specified.\n * Create all system-defined macros before processing command-line given\n preprocessing directives (-p, -d, -u, --pragma, --before).\n * If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. 
See\n section 4.11.7.\n * Fix an assert for the case in the obj format when a SEG operator refers\n to an EXTERN symbol declared further down in the code.\n * Fix a corner case in the floating-point code where a binary, octal or\n hexadecimal floating-point having at least 32, 11, or 8 mantissa digits\n could produce slightly incorrect results under very specific conditions.\n * Support -MD without a filename, for gcc compatibility. -MF can be used\n to set the dependencies output filename. See section 2.1.7.\n * Fix -E in combination with -MD. See section 2.1.21.\n * Fix missing errors on redefined labels; would cause convergence failure\n instead which is very slow and not easy to debug.\n * Duplicate definitions of the same label with the same value is now\n explicitly permitted (2.14 would allow it in some circumstances.)\n * Add the option --no-line to ignore %line directives in the source. See\n section 2.1.33 and section 4.10.1.\n * Changed -I option semantics by adding a trailing path separator\n unconditionally.\n * Fixed null dereference in corrupted invalid single line macros.\n * Fixed division by zero which may happen if source code is malformed.\n * Fixed out of bound access in processing of malformed segment override.\n * Fixed out of bound access in certain EQU parsing.\n * Fixed buffer underflow in float parsing.\n * Added SGX (Intel Software Guard Extensions) instructions.\n * Added +n syntax for multiple contiguous registers.\n * Fixed subsections_via_symbols for macho object format.\n * Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line\n options, to allow command line base symbol renaming. See section 2.1.28.\n * Allow label renaming to be specified by %pragma in addition to from the\n command line. See section 6.9.\n * Supported generic %pragma namespaces, output and debug. 
See section 6.10.\n * Added the --pragma command line option to inject a %pragma directive.\n See section 2.1.29.\n * Added the --before command line option to accept preprocess statement\n before input. See section 2.1.30.\n * Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural\n Network), BITALG (Bit Algorithm), and GFNI (Galois Field New\n Instruction) instructions.\n * Added the STATIC directive for local symbols that should be renamed\n using global-symbol rules. See section 6.8.\n * Allow a symbol to be defined as EXTERN and then later overridden as\n GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined\n will be treated as GLOBAL. See section 6.5.\n * The GLOBAL directive no longer is required to precede the definition of\n the symbol.\n * Support private_extern as macho specific extension to the GLOBAL\n directive. See section 7.8.5.\n * Updated UD0 encoding to match with the specification\n * Added the --limit-X command line option to set execution limits. See\n section 2.1.31.\n * Updated the Codeview version number to be aligned with MASM.\n * Added the --keep-all command line option to preserve output files. 
See\n section 2.1.32.\n * Added the --include command line option, an alias to -P (section 2.1.18).\n * Added the --help command line option as an alias to -h (section 3.1).\n * Added -W, -D, and -Q suffix aliases for RET instructions so the operand\n sizes of these instructions can be encoded without using o16, o32 or o64.\n\n New upstream version 2.13.03:\n\n * Add flags: AES, VAES, VPCLMULQDQ\n * Add VPCLMULQDQ instruction\n * elf: Add missing dwarf loc section\n * documentation updates\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-07-13T21:15:39", "published": "2020-07-13T21:15:39", "id": "OPENSUSE-SU-2020:0952-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", "title": "Security update for nasm (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}