nasm security update

2005-05-04T17:06:45
ID CESA-2005:381
Type centos
Reporter CentOS Project
Modified 2005-05-04T23:06:51

Description

CentOS Errata and Security Advisory CESA-2005:381

NASM is an 80x86 assembler.

Two stack-based buffer overflow bugs have been found in nasm. An attacker could craft an ASM file that, when compiled by a victim, could execute arbitrary code on the victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1287 and CAN-2005-1194 to these issues.

All users of nasm are advised to upgrade to this updated package, which contains backported fixes for these issues.

Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2005-May/023664.html
http://lists.centos.org/pipermail/centos-announce/2005-May/023665.html
http://lists.centos.org/pipermail/centos-announce/2005-May/023666.html
http://lists.centos.org/pipermail/centos-announce/2005-May/023668.html
http://lists.centos.org/pipermail/centos-announce/2005-May/023669.html
http://lists.centos.org/pipermail/centos-announce/2005-May/023673.html

Affected packages: nasm, nasm-doc, nasm-rdoff

Upstream details at: https://rhn.redhat.com/errata/RHSA-2005-381.html