ALAS2023-2023-354

Amazon Linux 2023 Security Advisory: ALAS-2023-354
Advisory Release Date: 2023-09-14 00:55 Pacific
Advisory Updated Date: 2023-09-20 21:35 Pacific
Severity: Medium
Issue Overview:

A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file. (CVE-2020-21528)


Affected Packages:

nasm


Issue Correction:
Run dnf update nasm --releasever 2023.2.20230920 to update your system.

New Packages:
aarch64:
    nasm-2.15.05-1.amzn2023.0.5.aarch64
    nasm-rdoff-2.15.05-1.amzn2023.0.5.aarch64
    nasm-debuginfo-2.15.05-1.amzn2023.0.5.aarch64
    nasm-rdoff-debuginfo-2.15.05-1.amzn2023.0.5.aarch64
    nasm-debugsource-2.15.05-1.amzn2023.0.5.aarch64

noarch:
    nasm-doc-2.15.05-1.amzn2023.0.5.noarch

src:
    nasm-2.15.05-1.amzn2023.0.5.src

x86_64:
    nasm-rdoff-debuginfo-2.15.05-1.amzn2023.0.5.x86_64
    nasm-2.15.05-1.amzn2023.0.5.x86_64
    nasm-debugsource-2.15.05-1.amzn2023.0.5.x86_64
    nasm-rdoff-2.15.05-1.amzn2023.0.5.x86_64
    nasm-debuginfo-2.15.05-1.amzn2023.0.5.x86_64

Additional References

Red Hat: CVE-2020-21528

Mitre: CVE-2020-21528