=====================================================================
                                  CERT-Renater

                       Information Note No. 2005/VULN312
_____________________________________________________________________

DATE                      : 19/05/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running nasm.

======================================================================
  _______________________________________________________________________

                 Mandriva Linux Security Update Advisory
  _______________________________________________________________________

  Package name:           nasm
  Advisory ID:            MDKSA-2005:090
  Date:                   May 18th, 2005

  Affected versions:      10.0, 10.1, 10.2, Corporate 3.0,
                          Corporate Server 2.1
  ______________________________________________________________________

  Problem Description:

  A buffer overflow in nasm was discovered by Josh Bressers.  If an
  attacker could trick a user into assembling a malicious source file,
  they could use this vulnerability to execute arbitrary code with the
  privileges of the user running nasm.

  The provided packages have been patched to correct these issues.
  _______________________________________________________________________

  References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1194
  ______________________________________________________________________

  Updated Packages:

  Mandrakelinux 10.0:
  6058fd99b081bb34f72eaca22979eacb  10.0/RPMS/nasm-0.98.38-1.2.100mdk.i586.rpm
  9e1cad7299252e849dde88c1c8f9fcd5  10.0/RPMS/nasm-doc-0.98.38-1.2.100mdk.i586.rpm
  7b37557a44164b32b5c5d708af18420a  10.0/RPMS/nasm-rdoff-0.98.38-1.2.100mdk.i586.rpm
  047468f3437190d6134a91aa319c9dce  10.0/SRPMS/nasm-0.98.38-1.2.100mdk.src.rpm

  Mandrakelinux 10.0/AMD64:
  c0f6efb802cdf9016db4b0b460aced96  amd64/10.0/RPMS/nasm-0.98.38-1.2.100mdk.amd64.rpm
  1c2d6870472752e7f71e1359f93971d6  amd64/10.0/RPMS/nasm-doc-0.98.38-1.2.100mdk.amd64.rpm
  5850c8cbc5e793537edef9297f75ca3b  amd64/10.0/RPMS/nasm-rdoff-0.98.38-1.2.100mdk.amd64.rpm
  047468f3437190d6134a91aa319c9dce  amd64/10.0/SRPMS/nasm-0.98.38-1.2.100mdk.src.rpm

  Mandrakelinux 10.1:
  c86682079a58d5f51afb8c46c3575f88  10.1/RPMS/nasm-0.98.38-1.2.101mdk.i586.rpm
  5a8d878475c169dd3e5688d1df154204  10.1/RPMS/nasm-doc-0.98.38-1.2.101mdk.i586.rpm
  2ac418c945c704be110ad96f7aac207a  10.1/RPMS/nasm-rdoff-0.98.38-1.2.101mdk.i586.rpm
  23154a4d32e90290972ffcdf4b45e866  10.1/SRPMS/nasm-0.98.38-1.2.101mdk.src.rpm

  Mandrakelinux 10.1/X86_64:
  3db75236d3004b80e44da6b9090520ef  x86_64/10.1/RPMS/nasm-0.98.38-1.2.101mdk.x86_64.rpm
  b885ec5762f765353386cdb9944f6fc5  x86_64/10.1/RPMS/nasm-doc-0.98.38-1.2.101mdk.x86_64.rpm
  431065cf6d8c3ee4986b67478fbcd307  x86_64/10.1/RPMS/nasm-rdoff-0.98.38-1.2.101mdk.x86_64.rpm
  23154a4d32e90290972ffcdf4b45e866  x86_64/10.1/SRPMS/nasm-0.98.38-1.2.101mdk.src.rpm

  Mandrakelinux 10.2:
  3e12f2c986a50d29be3966c1676b22f4  10.2/RPMS/nasm-0.98.39-1.1.102mdk.i586.rpm
  fe9c6840f54221f6c87f75671eff25f4  10.2/RPMS/nasm-doc-0.98.39-1.1.102mdk.i586.rpm
  ce78396659e932bcfba9af13d5578031  10.2/RPMS/nasm-rdoff-0.98.39-1.1.102mdk.i586.rpm
  8cbae58b2b3c81dfc7871e3b677ab3ee  10.2/SRPMS/nasm-0.98.39-1.1.102mdk.src.rpm

  Mandrakelinux 10.2/X86_64:
  dbf950bdee101ba5f24304bf1ef34d9b  x86_64/10.2/RPMS/nasm-0.98.39-1.1.102mdk.x86_64.rpm
  9c1b968a37952f4d71ab70566b27f64d  x86_64/10.2/RPMS/nasm-doc-0.98.39-1.1.102mdk.x86_64.rpm
  f478ee8d4a130f548d70a26b43d2bd0d  x86_64/10.2/RPMS/nasm-rdoff-0.98.39-1.1.102mdk.x86_64.rpm
  8cbae58b2b3c81dfc7871e3b677ab3ee  x86_64/10.2/SRPMS/nasm-0.98.39-1.1.102mdk.src.rpm

  Corporate Server 2.1:
  a5915798665b6cb487ed46b26d413843  corporate/2.1/RPMS/nasm-0.98.34-1.1.C21mdk.i586.rpm
  8920f14ae40608d4e009d0de1de38fc4  corporate/2.1/RPMS/nasm-doc-0.98.34-1.1.C21mdk.i586.rpm
  64b92b3d16471838fe539a2231cc9b40  corporate/2.1/RPMS/nasm-rdoff-0.98.34-1.1.C21mdk.i586.rpm
  a500a5886b349219698a63c19e4a25cc  corporate/2.1/SRPMS/nasm-0.98.34-1.1.C21mdk.src.rpm

  Corporate Server 2.1/X86_64:
  0701d377fbb6d201844d2b4c7c5c1ff4  x86_64/corporate/2.1/RPMS/nasm-0.98.34-1.1.C21mdk.x86_64.rpm
  7ca4b424a692a30a0a7563ef7b519fb6  x86_64/corporate/2.1/RPMS/nasm-doc-0.98.34-1.1.C21mdk.x86_64.rpm
  e487b2c74bae0220d9274dc0df607113  x86_64/corporate/2.1/RPMS/nasm-rdoff-0.98.34-1.1.C21mdk.x86_64.rpm
  a500a5886b349219698a63c19e4a25cc  x86_64/corporate/2.1/SRPMS/nasm-0.98.34-1.1.C21mdk.src.rpm

  Corporate 3.0:
  6e92be4ee34c886f0bae3eb57742be21  corporate/3.0/RPMS/nasm-0.98.38-1.2.C30mdk.i586.rpm
  52dd3cd6c00348a03e0556203d23d315  corporate/3.0/RPMS/nasm-doc-0.98.38-1.2.C30mdk.i586.rpm
  982eccac3a54313ba123eaef3f86ea90  corporate/3.0/RPMS/nasm-rdoff-0.98.38-1.2.C30mdk.i586.rpm
  fa2f1dd8e465108d2a0c18fef812e2d0  corporate/3.0/SRPMS/nasm-0.98.38-1.2.C30mdk.src.rpm

  Corporate 3.0/X86_64:
  3ab1744c68d83be84b7adf44aa1868b3  x86_64/corporate/3.0/RPMS/nasm-0.98.38-1.2.C30mdk.x86_64.rpm
  7e516d61646ab1fcb9493b8bfd5b0943  x86_64/corporate/3.0/RPMS/nasm-doc-0.98.38-1.2.C30mdk.x86_64.rpm
  809e67872145f7b42156e78bd22cbabf  x86_64/corporate/3.0/RPMS/nasm-rdoff-0.98.38-1.2.C30mdk.x86_64.rpm
  fa2f1dd8e465108d2a0c18fef812e2d0  x86_64/corporate/3.0/SRPMS/nasm-0.98.38-1.2.C30mdk.src.rpm
  _______________________________________________________________________

  To upgrade automatically use MandrakeUpdate or urpmi.  The verification
  of md5 checksums and GPG signatures is performed automatically for you.

  All packages are signed by Mandriva for security.  You can obtain the
  GPG public key of the Mandriva Security Team by executing:

   gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
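
  For packages fetched by hand rather than through MandrakeUpdate or urpmi,
  the following added example (not part of the Mandriva advisory) parses a
  package list in the layout used above and checks the files in a local
  directory against it. The function names, the "Example Linux 1.0" section
  and the sample file names and contents are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Package-list line: "<32 hex digits>  <path>.rpm"; group header: "Mandrakelinux 10.0/AMD64:"
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")
SECTION = re.compile(r"^\s*([A-Z][\w ./]+):\s*$")

def parse_manifest(advisory_text):
    """Return {section: {rpm file name: md5 hex}} from the advisory text."""
    manifest, section = {}, None
    for line in advisory_text.splitlines():
        entry, header = ENTRY.match(line), SECTION.match(line)
        if entry and section:
            manifest.setdefault(section, {})[Path(entry.group(2)).name] = entry.group(1)
        elif header:
            section = header.group(1)   # last header seen before the entries wins
    return manifest

def md5_of(path):
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def verify(manifest, section, rpm_dir):
    """Return {file name: 'ok' | 'MISMATCH' | 'missing' | 'unlisted'} for one section."""
    expected, rpm_dir = manifest[section], Path(rpm_dir)
    results = {}
    for name, md5 in expected.items():
        path = rpm_dir / name
        results[name] = "missing" if not path.is_file() else (
            "ok" if md5_of(path) == md5 else "MISMATCH")
    for path in rpm_dir.glob("*.rpm"):   # files the advisory does not vouch for
        results.setdefault(path.name, "unlisted")
    return results

def demo():
    """Constructed sample: made-up file names and contents, not Mandriva packages."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "example-1.0.i586.rpm").write_bytes(b"hello")
        (Path(d) / "example-doc-1.0.i586.rpm").write_bytes(b"tampered")
        advisory = ("  Updated Packages:\n\n  Example Linux 1.0:\n"
                    "  5d41402abc4b2a76b9719d911017c592  1.0/RPMS/example-1.0.i586.rpm\n"
                    "  d41d8cd98f00b204e9800998ecf8427e  1.0/RPMS/example-doc-1.0.i586.rpm\n"
                    "  d41d8cd98f00b204e9800998ecf8427e  1.0/SRPMS/example-1.0.src.rpm\n")
        return verify(parse_manifest(advisory), "Example Linux 1.0", d)
```

  An MD5 match only shows that a file equals the one the advisory lists;
  authenticity rests on the GPG signature, which rpm --checksig verifies
  once the Mandriva key has been imported.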

  You can view other update advisories for Mandriva Linux at:

   http://www.mandriva.com/security/advisories

  If you want to report vulnerabilities, please contact

   security_(at)_mandriva.com
  _______________________________________________________________________

  Type Bits/KeyID     Date       User ID
  pub  1024D/22458A98 2000-07-10 Mandriva Security Team
   <security*mandriva.com>

======================================================================

         =========================================================
         CERT-Renater reference servers
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================


