Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2005:090 - Updated nasm packages fix vulnerability
From: Mandriva Security Team <security () mandriva com>
Date: Wed, 18 May 2005 22:30:12 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           nasm
 Advisory ID:            MDKSA-2005:090
 Date:                   May 18th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0,
                         Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A buffer overflow in nasm was discovered by Josh Bressers.  If an
 attacker could trick a user into assembling a malicious source file,
 they could use this vulnerability to execute arbitrary code with the
 privileges of the user running nasm.
 
 The provided packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1194
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 6058fd99b081bb34f72eaca22979eacb  10.0/RPMS/nasm-0.98.38-1.2.100mdk.i586.rpm
 9e1cad7299252e849dde88c1c8f9fcd5  10.0/RPMS/nasm-doc-0.98.38-1.2.100mdk.i586.rpm
 7b37557a44164b32b5c5d708af18420a  10.0/RPMS/nasm-rdoff-0.98.38-1.2.100mdk.i586.rpm
 047468f3437190d6134a91aa319c9dce  10.0/SRPMS/nasm-0.98.38-1.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 c0f6efb802cdf9016db4b0b460aced96  amd64/10.0/RPMS/nasm-0.98.38-1.2.100mdk.amd64.rpm
 1c2d6870472752e7f71e1359f93971d6  amd64/10.0/RPMS/nasm-doc-0.98.38-1.2.100mdk.amd64.rpm
 5850c8cbc5e793537edef9297f75ca3b  amd64/10.0/RPMS/nasm-rdoff-0.98.38-1.2.100mdk.amd64.rpm
 047468f3437190d6134a91aa319c9dce  amd64/10.0/SRPMS/nasm-0.98.38-1.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 c86682079a58d5f51afb8c46c3575f88  10.1/RPMS/nasm-0.98.38-1.2.101mdk.i586.rpm
 5a8d878475c169dd3e5688d1df154204  10.1/RPMS/nasm-doc-0.98.38-1.2.101mdk.i586.rpm
 2ac418c945c704be110ad96f7aac207a  10.1/RPMS/nasm-rdoff-0.98.38-1.2.101mdk.i586.rpm
 23154a4d32e90290972ffcdf4b45e866  10.1/SRPMS/nasm-0.98.38-1.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 3db75236d3004b80e44da6b9090520ef  x86_64/10.1/RPMS/nasm-0.98.38-1.2.101mdk.x86_64.rpm
 b885ec5762f765353386cdb9944f6fc5  x86_64/10.1/RPMS/nasm-doc-0.98.38-1.2.101mdk.x86_64.rpm
 431065cf6d8c3ee4986b67478fbcd307  x86_64/10.1/RPMS/nasm-rdoff-0.98.38-1.2.101mdk.x86_64.rpm
 23154a4d32e90290972ffcdf4b45e866  x86_64/10.1/SRPMS/nasm-0.98.38-1.2.101mdk.src.rpm

 Mandrakelinux 10.2:
 3e12f2c986a50d29be3966c1676b22f4  10.2/RPMS/nasm-0.98.39-1.1.102mdk.i586.rpm
 fe9c6840f54221f6c87f75671eff25f4  10.2/RPMS/nasm-doc-0.98.39-1.1.102mdk.i586.rpm
 ce78396659e932bcfba9af13d5578031  10.2/RPMS/nasm-rdoff-0.98.39-1.1.102mdk.i586.rpm
 8cbae58b2b3c81dfc7871e3b677ab3ee  10.2/SRPMS/nasm-0.98.39-1.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 dbf950bdee101ba5f24304bf1ef34d9b  x86_64/10.2/RPMS/nasm-0.98.39-1.1.102mdk.x86_64.rpm
 9c1b968a37952f4d71ab70566b27f64d  x86_64/10.2/RPMS/nasm-doc-0.98.39-1.1.102mdk.x86_64.rpm
 f478ee8d4a130f548d70a26b43d2bd0d  x86_64/10.2/RPMS/nasm-rdoff-0.98.39-1.1.102mdk.x86_64.rpm
 8cbae58b2b3c81dfc7871e3b677ab3ee  x86_64/10.2/SRPMS/nasm-0.98.39-1.1.102mdk.src.rpm

 Corporate Server 2.1:
 a5915798665b6cb487ed46b26d413843  corporate/2.1/RPMS/nasm-0.98.34-1.1.C21mdk.i586.rpm
 8920f14ae40608d4e009d0de1de38fc4  corporate/2.1/RPMS/nasm-doc-0.98.34-1.1.C21mdk.i586.rpm
 64b92b3d16471838fe539a2231cc9b40  corporate/2.1/RPMS/nasm-rdoff-0.98.34-1.1.C21mdk.i586.rpm
 a500a5886b349219698a63c19e4a25cc  corporate/2.1/SRPMS/nasm-0.98.34-1.1.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 0701d377fbb6d201844d2b4c7c5c1ff4  x86_64/corporate/2.1/RPMS/nasm-0.98.34-1.1.C21mdk.x86_64.rpm
 7ca4b424a692a30a0a7563ef7b519fb6  x86_64/corporate/2.1/RPMS/nasm-doc-0.98.34-1.1.C21mdk.x86_64.rpm
 e487b2c74bae0220d9274dc0df607113  x86_64/corporate/2.1/RPMS/nasm-rdoff-0.98.34-1.1.C21mdk.x86_64.rpm
 a500a5886b349219698a63c19e4a25cc  x86_64/corporate/2.1/SRPMS/nasm-0.98.34-1.1.C21mdk.src.rpm

 Corporate 3.0:
 6e92be4ee34c886f0bae3eb57742be21  corporate/3.0/RPMS/nasm-0.98.38-1.2.C30mdk.i586.rpm
 52dd3cd6c00348a03e0556203d23d315  corporate/3.0/RPMS/nasm-doc-0.98.38-1.2.C30mdk.i586.rpm
 982eccac3a54313ba123eaef3f86ea90  corporate/3.0/RPMS/nasm-rdoff-0.98.38-1.2.C30mdk.i586.rpm
 fa2f1dd8e465108d2a0c18fef812e2d0  corporate/3.0/SRPMS/nasm-0.98.38-1.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 3ab1744c68d83be84b7adf44aa1868b3  x86_64/corporate/3.0/RPMS/nasm-0.98.38-1.2.C30mdk.x86_64.rpm
 7e516d61646ab1fcb9493b8bfd5b0943  x86_64/corporate/3.0/RPMS/nasm-doc-0.98.38-1.2.C30mdk.x86_64.rpm
 809e67872145f7b42156e78bd22cbabf  x86_64/corporate/3.0/RPMS/nasm-rdoff-0.98.38-1.2.C30mdk.x86_64.rpm
 fa2f1dd8e465108d2a0c18fef812e2d0  x86_64/corporate/3.0/SRPMS/nasm-0.98.38-1.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCjBZUmqjQ0CJFipgRAnKGAJ9Zgq2nMaSrXOcW+tLkicTUjq3i3gCfdRlj
FUPHAwBUqagGe6hLRHKrEIE=
=S2On
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • MDKSA-2005:090 - Updated nasm packages fix vulnerability Mandriva Security Team (May 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault