ALAS-2023-1724


Amazon Linux 1 Security Advisory: ALAS-2023-1724
Advisory Release Date: 2023-03-30 22:50 Pacific
Advisory Updated Date: 2023-04-05 20:22 Pacific
Severity: Medium

Issue Overview:

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. (CVE-2021-33454)

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c. (CVE-2021-33459)


Affected Packages:

yasm


Issue Correction:
Run yum update yasm to update your system.

New Packages:
i686:
    yasm-devel-1.2.0-1.5.amzn1.i686
    yasm-1.2.0-1.5.amzn1.i686
    yasm-debuginfo-1.2.0-1.5.amzn1.i686

src:
    yasm-1.2.0-1.5.amzn1.src

x86_64:
    yasm-devel-1.2.0-1.5.amzn1.x86_64
    yasm-1.2.0-1.5.amzn1.x86_64
    yasm-debuginfo-1.2.0-1.5.amzn1.x86_64