LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Low: nasm security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux An updated nasm package that fixes multiple security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: nasm security update
Advisory ID:       RHSA-2005:381-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-381.html
Issue date:        2005-05-04
Updated on:        2005-05-04
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1287 CAN-2005-1194
- ---------------------------------------------------------------------

1. Summary:

An updated nasm package that fixes multiple security issues is now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

NASM is an 80x86 assembler.

Two stack based buffer overflow bugs have been found in nasm. An attacker
could create an ASM file in such a way that when compiled by a victim,
could execute arbitrary code on their machine. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1287
and CAN-2005-1194 to these issues.

All users of nasm are advised to upgrade to this updated package, which
contains backported fixes for these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

143081 - CAN-2004-1287 Bernstein class reports buffer overflow in nasm
152962 - CAN-2005-1194 Buffer overflow in the ieee_putascii() function

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm
0e391e76be6291247278180dbe31289f  nasm-0.98-8.EL21.src.rpm

i386:
7a21c7596d6ee53189a7718c89a6d00c  nasm-0.98-8.EL21.i386.rpm
bcad7b119dc701210cd58c73dda3a7d8  nasm-doc-0.98-8.EL21.i386.rpm
c1dcee8fa30b706271ee943a47d5311f  nasm-rdoff-0.98-8.EL21.i386.rpm

ia64:
1fc19e048f0e18e172dc660f8e878981  nasm-0.98-8.EL21.ia64.rpm
14d54bd30637be9be60a15b46789a5d4  nasm-doc-0.98-8.EL21.ia64.rpm
79b480ab6b977aac93ca46c5d42b63c5  nasm-rdoff-0.98-8.EL21.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm
0e391e76be6291247278180dbe31289f  nasm-0.98-8.EL21.src.rpm

ia64:
1fc19e048f0e18e172dc660f8e878981  nasm-0.98-8.EL21.ia64.rpm
14d54bd30637be9be60a15b46789a5d4  nasm-doc-0.98-8.EL21.ia64.rpm
79b480ab6b977aac93ca46c5d42b63c5  nasm-rdoff-0.98-8.EL21.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm
0e391e76be6291247278180dbe31289f  nasm-0.98-8.EL21.src.rpm

i386:
7a21c7596d6ee53189a7718c89a6d00c  nasm-0.98-8.EL21.i386.rpm
bcad7b119dc701210cd58c73dda3a7d8  nasm-doc-0.98-8.EL21.i386.rpm
c1dcee8fa30b706271ee943a47d5311f  nasm-rdoff-0.98-8.EL21.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm
0e391e76be6291247278180dbe31289f  nasm-0.98-8.EL21.src.rpm

i386:
7a21c7596d6ee53189a7718c89a6d00c  nasm-0.98-8.EL21.i386.rpm
bcad7b119dc701210cd58c73dda3a7d8  nasm-doc-0.98-8.EL21.i386.rpm
c1dcee8fa30b706271ee943a47d5311f  nasm-rdoff-0.98-8.EL21.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm
5f61d41a8564a3ebe59d9d0c1339a31d  nasm-0.98.35-3.EL3.src.rpm

i386:
e98eac750aa8bab598e85f6ce641395b  nasm-0.98.35-3.EL3.i386.rpm

ia64:
b3ce384b524ecb0fa1ed268f78f8ab9e  nasm-0.98.35-3.EL3.ia64.rpm

ppc:
567ebac5174d054b7bb2806ba375d396  nasm-0.98.35-3.EL3.ppc.rpm

s390:
f95d693302a3fb516d195d71f106337f  nasm-0.98.35-3.EL3.s390.rpm

s390x:
5cf1c6de3faf209d2578797b88df9aee  nasm-0.98.35-3.EL3.s390x.rpm

x86_64:
60bf4a4633c4a2ecae073b4e171904c2  nasm-0.98.35-3.EL3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm
5f61d41a8564a3ebe59d9d0c1339a31d  nasm-0.98.35-3.EL3.src.rpm

i386:
e98eac750aa8bab598e85f6ce641395b  nasm-0.98.35-3.EL3.i386.rpm

x86_64:
60bf4a4633c4a2ecae073b4e171904c2  nasm-0.98.35-3.EL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm
5f61d41a8564a3ebe59d9d0c1339a31d  nasm-0.98.35-3.EL3.src.rpm

i386:
e98eac750aa8bab598e85f6ce641395b  nasm-0.98.35-3.EL3.i386.rpm

ia64:
b3ce384b524ecb0fa1ed268f78f8ab9e  nasm-0.98.35-3.EL3.ia64.rpm

x86_64:
60bf4a4633c4a2ecae073b4e171904c2  nasm-0.98.35-3.EL3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm
5f61d41a8564a3ebe59d9d0c1339a31d  nasm-0.98.35-3.EL3.src.rpm

i386:
e98eac750aa8bab598e85f6ce641395b  nasm-0.98.35-3.EL3.i386.rpm

ia64:
b3ce384b524ecb0fa1ed268f78f8ab9e  nasm-0.98.35-3.EL3.ia64.rpm

x86_64:
60bf4a4633c4a2ecae073b4e171904c2  nasm-0.98.35-3.EL3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm
43683b7db10b468e90659bb8f0090943  nasm-0.98.38-3.EL4.src.rpm

i386:
ec47b92aff6517cb06dcd0a920327d58  nasm-0.98.38-3.EL4.i386.rpm
7f0a211d2a8425226e30a07a3885458f  nasm-doc-0.98.38-3.EL4.i386.rpm
e58d181c2745c48249e07dbefe0bedbd  nasm-rdoff-0.98.38-3.EL4.i386.rpm

ia64:
305bc728323df4b766708ab0b4106034  nasm-0.98.38-3.EL4.ia64.rpm
58ccaac93f41e3d55c606f3dbbb4bddb  nasm-doc-0.98.38-3.EL4.ia64.rpm
98f07827890b67656c05c75d65e27d16  nasm-rdoff-0.98.38-3.EL4.ia64.rpm

ppc:
832c5c9949a2579e528a3a22a34ce55c  nasm-0.98.38-3.EL4.ppc.rpm
4f7b21a69a5990f61282972b09081acc  nasm-doc-0.98.38-3.EL4.ppc.rpm
a9ff73e7360a81d9e2a3ce17747df06e  nasm-rdoff-0.98.38-3.EL4.ppc.rpm

s390:
e7dc55bde0bca7bc25b68e2d96d3b49c  nasm-0.98.38-3.EL4.s390.rpm
cf0cb48e144a4c0e8f3b6518b437763b  nasm-doc-0.98.38-3.EL4.s390.rpm
17a92ff7a05026fa1e2331153f1023c0  nasm-rdoff-0.98.38-3.EL4.s390.rpm

s390x:
30ba9ad41ff9588918403244e87d84e1  nasm-0.98.38-3.EL4.s390x.rpm
a6c2e7bfb5c9ccb8f266d4010b5931b6  nasm-doc-0.98.38-3.EL4.s390x.rpm
88f4f1c6ad49ef338956e8f2d9265e7e  nasm-rdoff-0.98.38-3.EL4.s390x.rpm

x86_64:
b5bb239b599138d9a95b3c2ae8547f4c  nasm-0.98.38-3.EL4.x86_64.rpm
5e1747bc627c8669a87b8c5ebbd65a6c  nasm-doc-0.98.38-3.EL4.x86_64.rpm
06e5212f11ddd1c2607894bcc472932c  nasm-rdoff-0.98.38-3.EL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm
43683b7db10b468e90659bb8f0090943  nasm-0.98.38-3.EL4.src.rpm

i386:
ec47b92aff6517cb06dcd0a920327d58  nasm-0.98.38-3.EL4.i386.rpm
7f0a211d2a8425226e30a07a3885458f  nasm-doc-0.98.38-3.EL4.i386.rpm
e58d181c2745c48249e07dbefe0bedbd  nasm-rdoff-0.98.38-3.EL4.i386.rpm

x86_64:
b5bb239b599138d9a95b3c2ae8547f4c  nasm-0.98.38-3.EL4.x86_64.rpm
5e1747bc627c8669a87b8c5ebbd65a6c  nasm-doc-0.98.38-3.EL4.x86_64.rpm
06e5212f11ddd1c2607894bcc472932c  nasm-rdoff-0.98.38-3.EL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm
43683b7db10b468e90659bb8f0090943  nasm-0.98.38-3.EL4.src.rpm

i386:
ec47b92aff6517cb06dcd0a920327d58  nasm-0.98.38-3.EL4.i386.rpm
7f0a211d2a8425226e30a07a3885458f  nasm-doc-0.98.38-3.EL4.i386.rpm
e58d181c2745c48249e07dbefe0bedbd  nasm-rdoff-0.98.38-3.EL4.i386.rpm

ia64:
305bc728323df4b766708ab0b4106034  nasm-0.98.38-3.EL4.ia64.rpm
58ccaac93f41e3d55c606f3dbbb4bddb  nasm-doc-0.98.38-3.EL4.ia64.rpm
98f07827890b67656c05c75d65e27d16  nasm-rdoff-0.98.38-3.EL4.ia64.rpm

x86_64:
b5bb239b599138d9a95b3c2ae8547f4c  nasm-0.98.38-3.EL4.x86_64.rpm
5e1747bc627c8669a87b8c5ebbd65a6c  nasm-doc-0.98.38-3.EL4.x86_64.rpm
06e5212f11ddd1c2607894bcc472932c  nasm-rdoff-0.98.38-3.EL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm
43683b7db10b468e90659bb8f0090943  nasm-0.98.38-3.EL4.src.rpm

i386:
ec47b92aff6517cb06dcd0a920327d58  nasm-0.98.38-3.EL4.i386.rpm
7f0a211d2a8425226e30a07a3885458f  nasm-doc-0.98.38-3.EL4.i386.rpm
e58d181c2745c48249e07dbefe0bedbd  nasm-rdoff-0.98.38-3.EL4.i386.rpm

ia64:
305bc728323df4b766708ab0b4106034  nasm-0.98.38-3.EL4.ia64.rpm
58ccaac93f41e3d55c606f3dbbb4bddb  nasm-doc-0.98.38-3.EL4.ia64.rpm
98f07827890b67656c05c75d65e27d16  nasm-rdoff-0.98.38-3.EL4.ia64.rpm

x86_64:
b5bb239b599138d9a95b3c2ae8547f4c  nasm-0.98.38-3.EL4.x86_64.rpm
5e1747bc627c8669a87b8c5ebbd65a6c  nasm-doc-0.98.38-3.EL4.x86_64.rpm
06e5212f11ddd1c2607894bcc472932c  nasm-rdoff-0.98.38-3.EL4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://tigger.uic.edu/~jlongs2/holes/nasm.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1194

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
The Difference Between Wi-Fi Security Protocols: WPA2-AES vs WPA2-TKIP
Segmenting for security: Five steps to protect your network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.