===================================================================== CERT-Renater Note d'Information No. 2005/VULN014 _____________________________________________________________________ DATE : 07/01/2005 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : systems running nasm. ====================================================================== _______________________________________________________________________ Mandrakelinux Security Update Advisory _______________________________________________________________________ Package name: nasm Advisory ID: MDKSA-2005:004 Date: January 6th, 2005 Affected versions: 10.0, 10.1 ______________________________________________________________________ Problem Description: A buffer overflow in nasm was discovered by Jonathan Rockway. This vulnerability could lead to the execution of arbitrary code when compiling a malicious assembler source file. The updated packages are patched to correct the problem. ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: bfeacd381e7fbf8b99e96a2430311ed4 10.0/RPMS/nasm-0.98.38-1.1.100mdk.i586.rpm 114bfd2649248582ad463a187a826e33 10.0/RPMS/nasm-doc-0.98.38-1.1.100mdk.i586.rpm ed611f8bbd6cfa91b9d7944c9b815902 10.0/RPMS/nasm-rdoff-0.98.38-1.1.100mdk.i586.rpm f431fa5e5f6a59718efcfb41edab3be3 10.0/SRPMS/nasm-0.98.38-1.1.100mdk.src.rpm Mandrakelinux 10.0/AMD64: dc9af90c5b786c155544f48046e9dfe4 amd64/10.0/RPMS/nasm-0.98.38-1.1.100mdk.amd64.rpm f0c59ffd65fd1285e577af0b8ce9baa1 amd64/10.0/RPMS/nasm-doc-0.98.38-1.1.100mdk.amd64.rpm d044b7e60404106957e51e3c2841feed amd64/10.0/RPMS/nasm-rdoff-0.98.38-1.1.100mdk.amd64.rpm f431fa5e5f6a59718efcfb41edab3be3 amd64/10.0/SRPMS/nasm-0.98.38-1.1.100mdk.src.rpm Mandrakelinux 10.1: 47bc2f9600153b30d7e63321360b8d76 10.1/RPMS/nasm-0.98.38-1.1.101mdk.i586.rpm 1995e7f847f816be99b917867cf9a139 10.1/RPMS/nasm-doc-0.98.38-1.1.101mdk.i586.rpm 1a2242ced53b91dfe2179a26527dca33 10.1/RPMS/nasm-rdoff-0.98.38-1.1.101mdk.i586.rpm 92183c2e2e68b8a12e3a0d6aa692763f 10.1/SRPMS/nasm-0.98.38-1.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64: ed510372fa24800e7b0faf78e84d8a0b x86_64/10.1/RPMS/nasm-0.98.38-1.1.101mdk.x86_64.rpm c3fdef84d0c9b383ae78aa929d110f78 x86_64/10.1/RPMS/nasm-doc-0.98.38-1.1.101mdk.x86_64.rpm 3a83b689ba75be2ed28b3edea7270ea9 x86_64/10.1/RPMS/nasm-rdoff-0.98.38-1.1.101mdk.x86_64.rpm 92183c2e2e68b8a12e3a0d6aa692763f x86_64/10.1/SRPMS/nasm-0.98.38-1.1.101mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================