CentOS Errata and Security Advisory CESA-2005:381
NASM is an 80x86 assembler.
Two stack-based buffer overflow bugs have been found in nasm. An attacker could create an ASM file that, when compiled by a victim, could execute arbitrary code on the victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1287 and CAN-2005-1194 to these issues.
All users of nasm are advised to upgrade to this updated package, which contains backported fixes for these issues.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2005-May/023664.html
http://lists.centos.org/pipermail/centos-announce/2005-May/023665.html
http://lists.centos.org/pipermail/centos-announce/2005-May/023666.html
http://lists.centos.org/pipermail/centos-announce/2005-May/023668.html
http://lists.centos.org/pipermail/centos-announce/2005-May/023669.html
http://lists.centos.org/pipermail/centos-announce/2005-May/023673.html
Affected packages: nasm, nasm-doc, nasm-rdoff
Upstream details at: https://rhn.redhat.com/errata/RHSA-2005-381.html