RHSA-2005:381-01: Low: nasm security update
Posted on: 05/04/2005 01:14 PM

nasm security updates are available for Red HAt Enterprise Linux 2.1, 3, and 4

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: nasm security update
Advisory ID: RHSA-2005:381-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-381.html
Issue date: 2005-05-04
Updated on: 2005-05-04
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1287 CAN-2005-1194
----------------------------------------------------------------------

1. Summary:

An updated nasm package that fixes multiple security issues is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

NASM is an 80x86 assembler.

Two stack based buffer overflow bugs have been found in nasm. An attacker could create an ASM file in such a way that when compiled by a victim, could execute arbitrary code on their machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1287 and CAN-2005-1194 to these issues.

All users of nasm are advised to upgrade to this updated package, which contains backported fixes for these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

143081 - CAN-2004-1287 Bernstein class reports buffer overflow in nasm
152962 - CAN-2005-1194 Buffer overflow in the ieee_putascii() function

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm
0e391e76be6291247278180dbe31289f nasm-0.98-8.EL21.src.rpm

i386:
7a21c7596d6ee53189a7718c89a6d00c nasm-0.98-8.EL21.i386.rpm
bcad7b119dc701210cd58c73dda3a7d8 nasm-doc-0.98-8.EL21.i386.rpm
c1dcee8fa30b706271ee943a47d5311f nasm-rdoff-0.98-8.EL21.i386.rpm

ia64:
1fc19e048f0e18e172dc660f8e878981 nasm-0.98-8.EL21.ia64.rpm
14d54bd30637be9be60a15b46789a5d4 nasm-doc-0.98-8.EL21.ia64.rpm
79b480ab6b977aac93ca46c5d42b63c5 nasm-rdoff-0.98-8.EL21.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm
0e391e76be6291247278180dbe31289f nasm-0.98-8.EL21.src.rpm

ia64:
1fc19e048f0e18e172dc660f8e878981 nasm-0.98-8.EL21.ia64.rpm
14d54bd30637be9be60a15b46789a5d4 nasm-doc-0.98-8.EL21.ia64.rpm
79b480ab6b977aac93ca46c5d42b63c5 nasm-rdoff-0.98-8.EL21.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm
0e391e76be6291247278180dbe31289f nasm-0.98-8.EL21.src.rpm

i386:
7a21c7596d6ee53189a7718c89a6d00c nasm-0.98-8.EL21.i386.rpm
bcad7b119dc701210cd58c73dda3a7d8 nasm-doc-0.98-8.EL21.i386.rpm
c1dcee8fa30b706271ee943a47d5311f nasm-rdoff-0.98-8.EL21.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm
0e391e76be6291247278180dbe31289f nasm-0.98-8.EL21.src.rpm

i386:
7a21c7596d6ee53189a7718c89a6d00c nasm-0.98-8.EL21.i386.rpm
bcad7b119dc701210cd58c73dda3a7d8 nasm-doc-0.98-8.EL21.i386.rpm
c1dcee8fa30b706271ee943a47d5311f nasm-rdoff-0.98-8.EL21.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm
5f61d41a8564a3ebe59d9d0c1339a31d nasm-0.98.35-3.EL3.src.rpm

i386:
e98eac750aa8bab598e85f6ce641395b nasm-0.98.35-3.EL3.i386.rpm

ia64:
b3ce384b524ecb0fa1ed268f78f8ab9e nasm-0.98.35-3.EL3.ia64.rpm

ppc:
567ebac5174d054b7bb2806ba375d396 nasm-0.98.35-3.EL3.ppc.rpm

s390:
f95d693302a3fb516d195d71f106337f nasm-0.98.35-3.EL3.s390.rpm

s390x:
5cf1c6de3faf209d2578797b88df9aee nasm-0.98.35-3.EL3.s390x.rpm

x86_64:
60bf4a4633c4a2ecae073b4e171904c2 nasm-0.98.35-3.EL3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm
5f61d41a8564a3ebe59d9d0c1339a31d nasm-0.98.35-3.EL3.src.rpm

i386:
e98eac750aa8bab598e85f6ce641395b nasm-0.98.35-3.EL3.i386.rpm

x86_64:
60bf4a4633c4a2ecae073b4e171904c2 nasm-0.98.35-3.EL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm
5f61d41a8564a3ebe59d9d0c1339a31d nasm-0.98.35-3.EL3.src.rpm

i386:
e98eac750aa8bab598e85f6ce641395b nasm-0.98.35-3.EL3.i386.rpm

ia64:
b3ce384b524ecb0fa1ed268f78f8ab9e nasm-0.98.35-3.EL3.ia64.rpm

x86_64:
60bf4a4633c4a2ecae073b4e171904c2 nasm-0.98.35-3.EL3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm
5f61d41a8564a3ebe59d9d0c1339a31d nasm-0.98.35-3.EL3.src.rpm

i386:
e98eac750aa8bab598e85f6ce641395b nasm-0.98.35-3.EL3.i386.rpm

ia64:
b3ce384b524ecb0fa1ed268f78f8ab9e nasm-0.98.35-3.EL3.ia64.rpm

x86_64:
60bf4a4633c4a2ecae073b4e171904c2 nasm-0.98.35-3.EL3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm
43683b7db10b468e90659bb8f0090943 nasm-0.98.38-3.EL4.src.rpm

i386:
ec47b92aff6517cb06dcd0a920327d58 nasm-0.98.38-3.EL4.i386.rpm
7f0a211d2a8425226e30a07a3885458f nasm-doc-0.98.38-3.EL4.i386.rpm
e58d181c2745c48249e07dbefe0bedbd nasm-rdoff-0.98.38-3.EL4.i386.rpm

ia64:
305bc728323df4b766708ab0b4106034 nasm-0.98.38-3.EL4.ia64.rpm
58ccaac93f41e3d55c606f3dbbb4bddb nasm-doc-0.98.38-3.EL4.ia64.rpm
98f07827890b67656c05c75d65e27d16 nasm-rdoff-0.98.38-3.EL4.ia64.rpm

ppc:
832c5c9949a2579e528a3a22a34ce55c nasm-0.98.38-3.EL4.ppc.rpm
4f7b21a69a5990f61282972b09081acc nasm-doc-0.98.38-3.EL4.ppc.rpm
a9ff73e7360a81d9e2a3ce17747df06e nasm-rdoff-0.98.38-3.EL4.ppc.rpm

s390:
e7dc55bde0bca7bc25b68e2d96d3b49c nasm-0.98.38-3.EL4.s390.rpm
cf0cb48e144a4c0e8f3b6518b437763b nasm-doc-0.98.38-3.EL4.s390.rpm
17a92ff7a05026fa1e2331153f1023c0 nasm-rdoff-0.98.38-3.EL4.s390.rpm

s390x:
30ba9ad41ff9588918403244e87d84e1 nasm-0.98.38-3.EL4.s390x.rpm
a6c2e7bfb5c9ccb8f266d4010b5931b6 nasm-doc-0.98.38-3.EL4.s390x.rpm
88f4f1c6ad49ef338956e8f2d9265e7e nasm-rdoff-0.98.38-3.EL4.s390x.rpm

x86_64:
b5bb239b599138d9a95b3c2ae8547f4c nasm-0.98.38-3.EL4.x86_64.rpm
5e1747bc627c8669a87b8c5ebbd65a6c nasm-doc-0.98.38-3.EL4.x86_64.rpm
06e5212f11ddd1c2607894bcc472932c nasm-rdoff-0.98.38-3.EL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm
43683b7db10b468e90659bb8f0090943 nasm-0.98.38-3.EL4.src.rpm

i386:
ec47b92aff6517cb06dcd0a920327d58 nasm-0.98.38-3.EL4.i386.rpm
7f0a211d2a8425226e30a07a3885458f nasm-doc-0.98.38-3.EL4.i386.rpm
e58d181c2745c48249e07dbefe0bedbd nasm-rdoff-0.98.38-3.EL4.i386.rpm

x86_64:
b5bb239b599138d9a95b3c2ae8547f4c nasm-0.98.38-3.EL4.x86_64.rpm
5e1747bc627c8669a87b8c5ebbd65a6c nasm-doc-0.98.38-3.EL4.x86_64.rpm
06e5212f11ddd1c2607894bcc472932c nasm-rdoff-0.98.38-3.EL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm
43683b7db10b468e90659bb8f0090943 nasm-0.98.38-3.EL4.src.rpm

i386:
ec47b92aff6517cb06dcd0a920327d58 nasm-0.98.38-3.EL4.i386.rpm
7f0a211d2a8425226e30a07a3885458f nasm-doc-0.98.38-3.EL4.i386.rpm
e58d181c2745c48249e07dbefe0bedbd nasm-rdoff-0.98.38-3.EL4.i386.rpm

ia64:
305bc728323df4b766708ab0b4106034 nasm-0.98.38-3.EL4.ia64.rpm
58ccaac93f41e3d55c606f3dbbb4bddb nasm-doc-0.98.38-3.EL4.ia64.rpm
98f07827890b67656c05c75d65e27d16 nasm-rdoff-0.98.38-3.EL4.ia64.rpm

x86_64:
b5bb239b599138d9a95b3c2ae8547f4c nasm-0.98.38-3.EL4.x86_64.rpm
5e1747bc627c8669a87b8c5ebbd65a6c nasm-doc-0.98.38-3.EL4.x86_64.rpm
06e5212f11ddd1c2607894bcc472932c nasm-rdoff-0.98.38-3.EL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm
43683b7db10b468e90659bb8f0090943 nasm-0.98.38-3.EL4.src.rpm

i386:
ec47b92aff6517cb06dcd0a920327d58 nasm-0.98.38-3.EL4.i386.rpm
7f0a211d2a8425226e30a07a3885458f nasm-doc-0.98.38-3.EL4.i386.rpm
e58d181c2745c48249e07dbefe0bedbd nasm-rdoff-0.98.38-3.EL4.i386.rpm

ia64:
305bc728323df4b766708ab0b4106034 nasm-0.98.38-3.EL4.ia64.rpm
58ccaac93f41e3d55c606f3dbbb4bddb nasm-doc-0.98.38-3.EL4.ia64.rpm
98f07827890b67656c05c75d65e27d16 nasm-rdoff-0.98.38-3.EL4.ia64.rpm

x86_64:
b5bb239b599138d9a95b3c2ae8547f4c nasm-0.98.38-3.EL4.x86_64.rpm
5e1747bc627c8669a87b8c5ebbd65a6c nasm-doc-0.98.38-3.EL4.x86_64.rpm
06e5212f11ddd1c2607894bcc472932c nasm-rdoff-0.98.38-3.EL4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://tigger.uic.edu/~jlongs2/holes/nasm.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1194

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_2005381_01_low_nasm_security_update.html)