From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:090 - Updated nasm packages fix vulnerability
Message-Id: <E1DYcfk-0000m1-Ks@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Wed, 18 May 2005 22:30:12 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: nasm
Advisory ID: MDKSA-2005:090
Date: May 18th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A buffer overflow in nasm was discovered by Josh Bressers. If an
attacker could trick a user into assembling a malicious source file,
they could use this vulnerability to execute arbitrary code with the
privileges of the user running nasm.
The provided packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1194
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
6058fd99b081bb34f72eaca22979eacb 10.0/RPMS/nasm-0.98.38-1.2.100mdk.i586.rpm
9e1cad7299252e849dde88c1c8f9fcd5 10.0/RPMS/nasm-doc-0.98.38-1.2.100mdk.i586.rpm
7b37557a44164b32b5c5d708af18420a 10.0/RPMS/nasm-rdoff-0.98.38-1.2.100mdk.i586.rpm
047468f3437190d6134a91aa319c9dce 10.0/SRPMS/nasm-0.98.38-1.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
c0f6efb802cdf9016db4b0b460aced96 amd64/10.0/RPMS/nasm-0.98.38-1.2.100mdk.amd64.rpm
1c2d6870472752e7f71e1359f93971d6 amd64/10.0/RPMS/nasm-doc-0.98.38-1.2.100mdk.amd64.rpm
5850c8cbc5e793537edef9297f75ca3b amd64/10.0/RPMS/nasm-rdoff-0.98.38-1.2.100mdk.amd64.rpm
047468f3437190d6134a91aa319c9dce amd64/10.0/SRPMS/nasm-0.98.38-1.2.100mdk.src.rpm
Mandrakelinux 10.1:
c86682079a58d5f51afb8c46c3575f88 10.1/RPMS/nasm-0.98.38-1.2.101mdk.i586.rpm
5a8d878475c169dd3e5688d1df154204 10.1/RPMS/nasm-doc-0.98.38-1.2.101mdk.i586.rpm
2ac418c945c704be110ad96f7aac207a 10.1/RPMS/nasm-rdoff-0.98.38-1.2.101mdk.i586.rpm
23154a4d32e90290972ffcdf4b45e866 10.1/SRPMS/nasm-0.98.38-1.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
3db75236d3004b80e44da6b9090520ef x86_64/10.1/RPMS/nasm-0.98.38-1.2.101mdk.x86_64.rpm
b885ec5762f765353386cdb9944f6fc5 x86_64/10.1/RPMS/nasm-doc-0.98.38-1.2.101mdk.x86_64.rpm
431065cf6d8c3ee4986b67478fbcd307 x86_64/10.1/RPMS/nasm-rdoff-0.98.38-1.2.101mdk.x86_64.rpm
23154a4d32e90290972ffcdf4b45e866 x86_64/10.1/SRPMS/nasm-0.98.38-1.2.101mdk.src.rpm
Mandrakelinux 10.2:
3e12f2c986a50d29be3966c1676b22f4 10.2/RPMS/nasm-0.98.39-1.1.102mdk.i586.rpm
fe9c6840f54221f6c87f75671eff25f4 10.2/RPMS/nasm-doc-0.98.39-1.1.102mdk.i586.rpm
ce78396659e932bcfba9af13d5578031 10.2/RPMS/nasm-rdoff-0.98.39-1.1.102mdk.i586.rpm
8cbae58b2b3c81dfc7871e3b677ab3ee 10.2/SRPMS/nasm-0.98.39-1.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
dbf950bdee101ba5f24304bf1ef34d9b x86_64/10.2/RPMS/nasm-0.98.39-1.1.102mdk.x86_64.rpm
9c1b968a37952f4d71ab70566b27f64d x86_64/10.2/RPMS/nasm-doc-0.98.39-1.1.102mdk.x86_64.rpm
f478ee8d4a130f548d70a26b43d2bd0d x86_64/10.2/RPMS/nasm-rdoff-0.98.39-1.1.102mdk.x86_64.rpm
8cbae58b2b3c81dfc7871e3b677ab3ee x86_64/10.2/SRPMS/nasm-0.98.39-1.1.102mdk.src.rpm
Corporate Server 2.1:
a5915798665b6cb487ed46b26d413843 corporate/2.1/RPMS/nasm-0.98.34-1.1.C21mdk.i586.rpm
8920f14ae40608d4e009d0de1de38fc4 corporate/2.1/RPMS/nasm-doc-0.98.34-1.1.C21mdk.i586.rpm
64b92b3d16471838fe539a2231cc9b40 corporate/2.1/RPMS/nasm-rdoff-0.98.34-1.1.C21mdk.i586.rpm
a500a5886b349219698a63c19e4a25cc corporate/2.1/SRPMS/nasm-0.98.34-1.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
0701d377fbb6d201844d2b4c7c5c1ff4 x86_64/corporate/2.1/RPMS/nasm-0.98.34-1.1.C21mdk.x86_64.rpm
7ca4b424a692a30a0a7563ef7b519fb6 x86_64/corporate/2.1/RPMS/nasm-doc-0.98.34-1.1.C21mdk.x86_64.rpm
e487b2c74bae0220d9274dc0df607113 x86_64/corporate/2.1/RPMS/nasm-rdoff-0.98.34-1.1.C21mdk.x86_64.rpm
a500a5886b349219698a63c19e4a25cc x86_64/corporate/2.1/SRPMS/nasm-0.98.34-1.1.C21mdk.src.rpm
Corporate 3.0:
6e92be4ee34c886f0bae3eb57742be21 corporate/3.0/RPMS/nasm-0.98.38-1.2.C30mdk.i586.rpm
52dd3cd6c00348a03e0556203d23d315 corporate/3.0/RPMS/nasm-doc-0.98.38-1.2.C30mdk.i586.rpm
982eccac3a54313ba123eaef3f86ea90 corporate/3.0/RPMS/nasm-rdoff-0.98.38-1.2.C30mdk.i586.rpm
fa2f1dd8e465108d2a0c18fef812e2d0 corporate/3.0/SRPMS/nasm-0.98.38-1.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
3ab1744c68d83be84b7adf44aa1868b3 x86_64/corporate/3.0/RPMS/nasm-0.98.38-1.2.C30mdk.x86_64.rpm
7e516d61646ab1fcb9493b8bfd5b0943 x86_64/corporate/3.0/RPMS/nasm-doc-0.98.38-1.2.C30mdk.x86_64.rpm
809e67872145f7b42156e78bd22cbabf x86_64/corporate/3.0/RPMS/nasm-rdoff-0.98.38-1.2.C30mdk.x86_64.rpm
fa2f1dd8e465108d2a0c18fef812e2d0 x86_64/corporate/3.0/SRPMS/nasm-0.98.38-1.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCjBZUmqjQ0CJFipgRAnKGAJ9Zgq2nMaSrXOcW+tLkicTUjq3i3gCfdRlj
FUPHAwBUqagGe6hLRHKrEIE=
=S2On
-----END PGP SIGNATURE-----