
Security Advisory: nasm security update

Advisory: RHSA-2005:381-06
Type: Security Advisory
Severity: Low
Issued on: 2005-05-04
Last updated on: 2005-05-04
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2004-1287, CVE-2005-1194

Details

An updated nasm package that fixes multiple security issues is now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

NASM is an 80x86 assembler.

Two stack-based buffer overflow bugs have been found in nasm. An attacker
could craft an ASM file that, when compiled by a victim, could execute
arbitrary code on the victim's machine. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1287
and CAN-2005-1194 to these issues.

All users of nasm are advised to upgrade to this updated package, which
contains backported fixes for these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

IA-32:
nasm-0.98.35-3.EL3.i386.rpm     MD5: e98eac750aa8bab598e85f6ce641395b
 
x86_64:
nasm-0.98.35-3.EL3.x86_64.rpm     MD5: 60bf4a4633c4a2ecae073b4e171904c2
 
Red Hat Desktop (v. 4)

IA-32:
nasm-0.98.38-3.EL4.i386.rpm     MD5: ec47b92aff6517cb06dcd0a920327d58
nasm-doc-0.98.38-3.EL4.i386.rpm     MD5: 7f0a211d2a8425226e30a07a3885458f
nasm-rdoff-0.98.38-3.EL4.i386.rpm     MD5: e58d181c2745c48249e07dbefe0bedbd
 
x86_64:
nasm-0.98.38-3.EL4.x86_64.rpm     MD5: b5bb239b599138d9a95b3c2ae8547f4c
nasm-doc-0.98.38-3.EL4.x86_64.rpm     MD5: 5e1747bc627c8669a87b8c5ebbd65a6c
nasm-rdoff-0.98.38-3.EL4.x86_64.rpm     MD5: 06e5212f11ddd1c2607894bcc472932c
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
nasm-0.98-8.EL21.i386.rpm     MD5: 7a21c7596d6ee53189a7718c89a6d00c
nasm-doc-0.98-8.EL21.i386.rpm     MD5: bcad7b119dc701210cd58c73dda3a7d8
nasm-rdoff-0.98-8.EL21.i386.rpm     MD5: c1dcee8fa30b706271ee943a47d5311f
 
IA-64:
nasm-0.98-8.EL21.ia64.rpm     MD5: 1fc19e048f0e18e172dc660f8e878981
nasm-doc-0.98-8.EL21.ia64.rpm     MD5: 14d54bd30637be9be60a15b46789a5d4
nasm-rdoff-0.98-8.EL21.ia64.rpm     MD5: 79b480ab6b977aac93ca46c5d42b63c5
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
nasm-0.98.35-3.EL3.i386.rpm     MD5: e98eac750aa8bab598e85f6ce641395b
 
IA-64:
nasm-0.98.35-3.EL3.ia64.rpm     MD5: b3ce384b524ecb0fa1ed268f78f8ab9e
 
PPC:
nasm-0.98.35-3.EL3.ppc.rpm     MD5: 567ebac5174d054b7bb2806ba375d396
 
s390:
nasm-0.98.35-3.EL3.s390.rpm     MD5: f95d693302a3fb516d195d71f106337f
 
s390x:
nasm-0.98.35-3.EL3.s390x.rpm     MD5: 5cf1c6de3faf209d2578797b88df9aee
 
x86_64:
nasm-0.98.35-3.EL3.x86_64.rpm     MD5: 60bf4a4633c4a2ecae073b4e171904c2
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
nasm-0.98.38-3.EL4.i386.rpm     MD5: ec47b92aff6517cb06dcd0a920327d58
nasm-doc-0.98.38-3.EL4.i386.rpm     MD5: 7f0a211d2a8425226e30a07a3885458f
nasm-rdoff-0.98.38-3.EL4.i386.rpm     MD5: e58d181c2745c48249e07dbefe0bedbd
 
IA-64:
nasm-0.98.38-3.EL4.ia64.rpm     MD5: 305bc728323df4b766708ab0b4106034
nasm-doc-0.98.38-3.EL4.ia64.rpm     MD5: 58ccaac93f41e3d55c606f3dbbb4bddb
nasm-rdoff-0.98.38-3.EL4.ia64.rpm     MD5: 98f07827890b67656c05c75d65e27d16
 
PPC:
nasm-0.98.38-3.EL4.ppc.rpm     MD5: 832c5c9949a2579e528a3a22a34ce55c
nasm-doc-0.98.38-3.EL4.ppc.rpm     MD5: 4f7b21a69a5990f61282972b09081acc
nasm-rdoff-0.98.38-3.EL4.ppc.rpm     MD5: a9ff73e7360a81d9e2a3ce17747df06e
 
s390:
nasm-0.98.38-3.EL4.s390.rpm     MD5: e7dc55bde0bca7bc25b68e2d96d3b49c
nasm-doc-0.98.38-3.EL4.s390.rpm     MD5: cf0cb48e144a4c0e8f3b6518b437763b
nasm-rdoff-0.98.38-3.EL4.s390.rpm     MD5: 17a92ff7a05026fa1e2331153f1023c0
 
s390x:
nasm-0.98.38-3.EL4.s390x.rpm     MD5: 30ba9ad41ff9588918403244e87d84e1
nasm-doc-0.98.38-3.EL4.s390x.rpm     MD5: a6c2e7bfb5c9ccb8f266d4010b5931b6
nasm-rdoff-0.98.38-3.EL4.s390x.rpm     MD5: 88f4f1c6ad49ef338956e8f2d9265e7e
 
x86_64:
nasm-0.98.38-3.EL4.x86_64.rpm     MD5: b5bb239b599138d9a95b3c2ae8547f4c
nasm-doc-0.98.38-3.EL4.x86_64.rpm     MD5: 5e1747bc627c8669a87b8c5ebbd65a6c
nasm-rdoff-0.98.38-3.EL4.x86_64.rpm     MD5: 06e5212f11ddd1c2607894bcc472932c
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
nasm-0.98-8.EL21.i386.rpm     MD5: 7a21c7596d6ee53189a7718c89a6d00c
nasm-doc-0.98-8.EL21.i386.rpm     MD5: bcad7b119dc701210cd58c73dda3a7d8
nasm-rdoff-0.98-8.EL21.i386.rpm     MD5: c1dcee8fa30b706271ee943a47d5311f
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
nasm-0.98.35-3.EL3.i386.rpm     MD5: e98eac750aa8bab598e85f6ce641395b
 
IA-64:
nasm-0.98.35-3.EL3.ia64.rpm     MD5: b3ce384b524ecb0fa1ed268f78f8ab9e
 
x86_64:
nasm-0.98.35-3.EL3.x86_64.rpm     MD5: 60bf4a4633c4a2ecae073b4e171904c2
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
nasm-0.98.38-3.EL4.i386.rpm     MD5: ec47b92aff6517cb06dcd0a920327d58
nasm-doc-0.98.38-3.EL4.i386.rpm     MD5: 7f0a211d2a8425226e30a07a3885458f
nasm-rdoff-0.98.38-3.EL4.i386.rpm     MD5: e58d181c2745c48249e07dbefe0bedbd
 
IA-64:
nasm-0.98.38-3.EL4.ia64.rpm     MD5: 305bc728323df4b766708ab0b4106034
nasm-doc-0.98.38-3.EL4.ia64.rpm     MD5: 58ccaac93f41e3d55c606f3dbbb4bddb
nasm-rdoff-0.98.38-3.EL4.ia64.rpm     MD5: 98f07827890b67656c05c75d65e27d16
 
x86_64:
nasm-0.98.38-3.EL4.x86_64.rpm     MD5: b5bb239b599138d9a95b3c2ae8547f4c
nasm-doc-0.98.38-3.EL4.x86_64.rpm     MD5: 5e1747bc627c8669a87b8c5ebbd65a6c
nasm-rdoff-0.98.38-3.EL4.x86_64.rpm     MD5: 06e5212f11ddd1c2607894bcc472932c
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
nasm-0.98-8.EL21.i386.rpm     MD5: 7a21c7596d6ee53189a7718c89a6d00c
nasm-doc-0.98-8.EL21.i386.rpm     MD5: bcad7b119dc701210cd58c73dda3a7d8
nasm-rdoff-0.98-8.EL21.i386.rpm     MD5: c1dcee8fa30b706271ee943a47d5311f
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
nasm-0.98.35-3.EL3.i386.rpm     MD5: e98eac750aa8bab598e85f6ce641395b
 
IA-64:
nasm-0.98.35-3.EL3.ia64.rpm     MD5: b3ce384b524ecb0fa1ed268f78f8ab9e
 
x86_64:
nasm-0.98.35-3.EL3.x86_64.rpm     MD5: 60bf4a4633c4a2ecae073b4e171904c2
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
nasm-0.98.38-3.EL4.i386.rpm     MD5: ec47b92aff6517cb06dcd0a920327d58
nasm-doc-0.98.38-3.EL4.i386.rpm     MD5: 7f0a211d2a8425226e30a07a3885458f
nasm-rdoff-0.98.38-3.EL4.i386.rpm     MD5: e58d181c2745c48249e07dbefe0bedbd
 
IA-64:
nasm-0.98.38-3.EL4.ia64.rpm     MD5: 305bc728323df4b766708ab0b4106034
nasm-doc-0.98.38-3.EL4.ia64.rpm     MD5: 58ccaac93f41e3d55c606f3dbbb4bddb
nasm-rdoff-0.98.38-3.EL4.ia64.rpm     MD5: 98f07827890b67656c05c75d65e27d16
 
x86_64:
nasm-0.98.38-3.EL4.x86_64.rpm     MD5: b5bb239b599138d9a95b3c2ae8547f4c
nasm-doc-0.98.38-3.EL4.x86_64.rpm     MD5: 5e1747bc627c8669a87b8c5ebbd65a6c
nasm-rdoff-0.98.38-3.EL4.x86_64.rpm     MD5: 06e5212f11ddd1c2607894bcc472932c
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
nasm-0.98-8.EL21.ia64.rpm     MD5: 1fc19e048f0e18e172dc660f8e878981
nasm-doc-0.98-8.EL21.ia64.rpm     MD5: 14d54bd30637be9be60a15b46789a5d4
nasm-rdoff-0.98-8.EL21.ia64.rpm     MD5: 79b480ab6b977aac93ca46c5d42b63c5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

143081 - CAN-2004-1287 Bernstein class reports buffer overflow in nasm
152962 - CAN-2005-1194 Buffer overflow in the ieee_putascii() function



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/