https://bugzilla.redhat.com/show_bug.cgi?id=1668319
Bug ID: 1668319
Summary: CVE-2019-6290 nasm: Infinite recursion in eval.c
causing stack exhaustion problem resulting in a denial
of service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190102,reported=20190115,source=cve,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, nickc(a)redhat.com
Target Milestone: ---
Classification: Other
An infinite recursion issue was discovered in eval.c in Netwide Assembler
(NASM) through 2.14.02. There is a stack exhaustion problem resulting from
infinite recursion in the functions expr, rexp, bexpr and cexpr in certain
scenarios involving lots of '{' characters. Remote attackers could leverage
this vulnerability to cause a denial-of-service via a crafted asm file.
Upstream Issue:
https://bugzilla.nasm.us/show_bug.cgi?id=3392548
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1668320
Bug ID: 1668320
Summary: CVE-2019-6290 nasm: Infinite recursion in eval.c
causing stack exhaustion problem resulting in a denial
of service [fedora-all]
Product: Fedora
Version: 29
Status: NEW
Component: nasm
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mizdebsk(a)redhat.com
Reporter: darunesh(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
https://bugzilla.redhat.com/show_bug.cgi?id=1668321
Bug ID: 1668321
Summary: CVE-2019-6291 nasm: Recursive calls in the function
expr resulting in a denial of service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190102,reported=20190115,source=cve,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, nickc(a)redhat.com
Target Milestone: ---
Classification: Other
An issue was discovered in the function expr6 in eval.c in Netwide Assembler
(NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6
function making recursive calls to itself in certain scenarios involving lots
of '!' or '+' or '-' characters. Remote attackers could leverage this
vulnerability to cause a denial-of-service via a crafted asm file.
Upstream Issue:
https://bugzilla.nasm.us/show_bug.cgi?id=3392549
https://bugzilla.redhat.com/show_bug.cgi?id=1668322
Bug ID: 1668322
Summary: CVE-2019-6291 nasm: Recursive calls in the function
expr resulting in a denial of service [fedora-all]
Product: Fedora
Version: 29
Status: NEW
Component: nasm
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mizdebsk(a)redhat.com
Reporter: darunesh(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1661627
Bug ID: 1661627
Summary: CVE-2018-17244 elasticsearch: Information Exposure due
to improper set request headers [fedora-all]
Product: Fedora
Version: 29
Status: NEW
Component: elasticsearch
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: emmanuel(a)seyman.fr
Reporter: lpardo(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bobjensen(a)gmail.com, emmanuel(a)seyman.fr,
java-sig-commits(a)lists.fedoraproject.org,
jvanek(a)redhat.com, pahan(a)hubbitus.info,
zbyszek(a)in.waw.pl
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1677637
Bug ID: 1677637
Summary: CVE-2019-8343 nasm: use-after-free in paste_tokens in
asm/preproc.c [fedora-all]
Product: Fedora
Version: 29
Status: NEW
Component: nasm
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: i.gnatenko.brain(a)gmail.com
Reporter: darunesh(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dominik(a)greysector.net, i.gnatenko.brain(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1677636
Bug ID: 1677636
Summary: CVE-2019-8343 nasm: use-after-free in paste_tokens in
asm/preproc.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=important,public=20190214,reported=20190215,source=cve,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: dominik(a)greysector.net, i.gnatenko.brain(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, nickc(a)redhat.com
Target Milestone: ---
Classification: Other
In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens
in asm/preproc.c.
Reference:
https://bugzilla.nasm.us/show_bug.cgi?id=3392556
https://bugzilla.redhat.com/show_bug.cgi?id=1663908
Bug ID: 1663908
Summary: CVE-2018-20538 nasm: Use-after-free at asm/preproc.c
resulting in a denial of service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=low,public=20181118,reported=20181228,source=cve,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, nickc(a)redhat.com
Target Milestone: ---
Classification: Other
A use-after-free vulnerability was found in nasm. A specially crafted file
could cause the application to crash.
Upstream issue:
https://bugzilla.nasm.us/show_bug.cgi?id=3392531
https://bugzilla.redhat.com/show_bug.cgi?id=1663907
Bug ID: 1663907
Summary: CVE-2018-20535 nasm: Use-after-free at asm/preproc.c
resulting in a denial of service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=low,public=20181118,reported=20181228,source=cve,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, nickc(a)redhat.com
Target Milestone: ---
Classification: Other
A use-after-free vulnerability was found in nasm. A specially crafted file
could cause the application to crash.
Upstream issue:
https://bugzilla.nasm.us/show_bug.cgi?id=3392530
https://bugzilla.redhat.com/show_bug.cgi?id=1663906
Bug ID: 1663906
Summary: CVE-2018-1000886 nasm: Buffer overflow in
asm/stdscan.c:130 resulting in a denial of service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=low,public=20180906,reported=20181221,source=cve,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-122,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, nickc(a)redhat.com
Target Milestone: ---
Classification: Other
A buffer overflow vulnerability was found in nasm. A specially crafted file
could trigger endless macro generation and cause the application to crash.
Upstream issue:
https://bugzilla.nasm.us/show_bug.cgi?id=3392514