[RHSA-2005:381-01] Low: nasm security update

bugzilla at redhat.com bugzilla at redhat.com
Wed May 4 15:10:00 UTC 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: nasm security update
Advisory ID:       RHSA-2005:381-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-381.html
Issue date:        2005-05-04
Updated on:        2005-05-04
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1287 CAN-2005-1194
- ---------------------------------------------------------------------

1. Summary:

An updated nasm package that fixes multiple security issues is now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

NASM is an 80x86 assembler.

Two stack based buffer overflow bugs have been found in nasm. An attacker
could create an ASM file in such a way that when compiled by a victim,
could execute arbitrary code on their machine. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1287
and CAN-2005-1194 to these issues.

All users of nasm are advised to upgrade to this updated package, which
contains backported fixes for these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

143081 - CAN-2004-1287 Bernstein class reports buffer overflow in nasm
152962 - CAN-2005-1194 Buffer overflow in the ieee_putascii() function

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm
0e391e76be6291247278180dbe31289f  nasm-0.98-8.EL21.src.rpm

i386:
7a21c7596d6ee53189a7718c89a6d00c  nasm-0.98-8.EL21.i386.rpm
bcad7b119dc701210cd58c73dda3a7d8  nasm-doc-0.98-8.EL21.i386.rpm
c1dcee8fa30b706271ee943a47d5311f  nasm-rdoff-0.98-8.EL21.i386.rpm

ia64:
1fc19e048f0e18e172dc660f8e878981  nasm-0.98-8.EL21.ia64.rpm
14d54bd30637be9be60a15b46789a5d4  nasm-doc-0.98-8.EL21.ia64.rpm
79b480ab6b977aac93ca46c5d42b63c5  nasm-rdoff-0.98-8.EL21.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm
0e391e76be6291247278180dbe31289f  nasm-0.98-8.EL21.src.rpm

ia64:
1fc19e048f0e18e172dc660f8e878981  nasm-0.98-8.EL21.ia64.rpm
14d54bd30637be9be60a15b46789a5d4  nasm-doc-0.98-8.EL21.ia64.rpm
79b480ab6b977aac93ca46c5d42b63c5  nasm-rdoff-0.98-8.EL21.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm
0e391e76be6291247278180dbe31289f  nasm-0.98-8.EL21.src.rpm

i386:
7a21c7596d6ee53189a7718c89a6d00c  nasm-0.98-8.EL21.i386.rpm
bcad7b119dc701210cd58c73dda3a7d8  nasm-doc-0.98-8.EL21.i386.rpm
c1dcee8fa30b706271ee943a47d5311f  nasm-rdoff-0.98-8.EL21.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm
0e391e76be6291247278180dbe31289f  nasm-0.98-8.EL21.src.rpm

i386:
7a21c7596d6ee53189a7718c89a6d00c  nasm-0.98-8.EL21.i386.rpm
bcad7b119dc701210cd58c73dda3a7d8  nasm-doc-0.98-8.EL21.i386.rpm
c1dcee8fa30b706271ee943a47d5311f  nasm-rdoff-0.98-8.EL21.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm
5f61d41a8564a3ebe59d9d0c1339a31d  nasm-0.98.35-3.EL3.src.rpm

i386:
e98eac750aa8bab598e85f6ce641395b  nasm-0.98.35-3.EL3.i386.rpm

ia64:
b3ce384b524ecb0fa1ed268f78f8ab9e  nasm-0.98.35-3.EL3.ia64.rpm

ppc:
567ebac5174d054b7bb2806ba375d396  nasm-0.98.35-3.EL3.ppc.rpm

s390:
f95d693302a3fb516d195d71f106337f  nasm-0.98.35-3.EL3.s390.rpm

s390x:
5cf1c6de3faf209d2578797b88df9aee  nasm-0.98.35-3.EL3.s390x.rpm

x86_64:
60bf4a4633c4a2ecae073b4e171904c2  nasm-0.98.35-3.EL3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm
5f61d41a8564a3ebe59d9d0c1339a31d  nasm-0.98.35-3.EL3.src.rpm

i386:
e98eac750aa8bab598e85f6ce641395b  nasm-0.98.35-3.EL3.i386.rpm

x86_64:
60bf4a4633c4a2ecae073b4e171904c2  nasm-0.98.35-3.EL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm
5f61d41a8564a3ebe59d9d0c1339a31d  nasm-0.98.35-3.EL3.src.rpm

i386:
e98eac750aa8bab598e85f6ce641395b  nasm-0.98.35-3.EL3.i386.rpm

ia64:
b3ce384b524ecb0fa1ed268f78f8ab9e  nasm-0.98.35-3.EL3.ia64.rpm

x86_64:
60bf4a4633c4a2ecae073b4e171904c2  nasm-0.98.35-3.EL3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm
5f61d41a8564a3ebe59d9d0c1339a31d  nasm-0.98.35-3.EL3.src.rpm

i386:
e98eac750aa8bab598e85f6ce641395b  nasm-0.98.35-3.EL3.i386.rpm

ia64:
b3ce384b524ecb0fa1ed268f78f8ab9e  nasm-0.98.35-3.EL3.ia64.rpm

x86_64:
60bf4a4633c4a2ecae073b4e171904c2  nasm-0.98.35-3.EL3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm
43683b7db10b468e90659bb8f0090943  nasm-0.98.38-3.EL4.src.rpm

i386:
ec47b92aff6517cb06dcd0a920327d58  nasm-0.98.38-3.EL4.i386.rpm
7f0a211d2a8425226e30a07a3885458f  nasm-doc-0.98.38-3.EL4.i386.rpm
e58d181c2745c48249e07dbefe0bedbd  nasm-rdoff-0.98.38-3.EL4.i386.rpm

ia64:
305bc728323df4b766708ab0b4106034  nasm-0.98.38-3.EL4.ia64.rpm
58ccaac93f41e3d55c606f3dbbb4bddb  nasm-doc-0.98.38-3.EL4.ia64.rpm
98f07827890b67656c05c75d65e27d16  nasm-rdoff-0.98.38-3.EL4.ia64.rpm

ppc:
832c5c9949a2579e528a3a22a34ce55c  nasm-0.98.38-3.EL4.ppc.rpm
4f7b21a69a5990f61282972b09081acc  nasm-doc-0.98.38-3.EL4.ppc.rpm
a9ff73e7360a81d9e2a3ce17747df06e  nasm-rdoff-0.98.38-3.EL4.ppc.rpm

s390:
e7dc55bde0bca7bc25b68e2d96d3b49c  nasm-0.98.38-3.EL4.s390.rpm
cf0cb48e144a4c0e8f3b6518b437763b  nasm-doc-0.98.38-3.EL4.s390.rpm
17a92ff7a05026fa1e2331153f1023c0  nasm-rdoff-0.98.38-3.EL4.s390.rpm

s390x:
30ba9ad41ff9588918403244e87d84e1  nasm-0.98.38-3.EL4.s390x.rpm
a6c2e7bfb5c9ccb8f266d4010b5931b6  nasm-doc-0.98.38-3.EL4.s390x.rpm
88f4f1c6ad49ef338956e8f2d9265e7e  nasm-rdoff-0.98.38-3.EL4.s390x.rpm

x86_64:
b5bb239b599138d9a95b3c2ae8547f4c  nasm-0.98.38-3.EL4.x86_64.rpm
5e1747bc627c8669a87b8c5ebbd65a6c  nasm-doc-0.98.38-3.EL4.x86_64.rpm
06e5212f11ddd1c2607894bcc472932c  nasm-rdoff-0.98.38-3.EL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm
43683b7db10b468e90659bb8f0090943  nasm-0.98.38-3.EL4.src.rpm

i386:
ec47b92aff6517cb06dcd0a920327d58  nasm-0.98.38-3.EL4.i386.rpm
7f0a211d2a8425226e30a07a3885458f  nasm-doc-0.98.38-3.EL4.i386.rpm
e58d181c2745c48249e07dbefe0bedbd  nasm-rdoff-0.98.38-3.EL4.i386.rpm

x86_64:
b5bb239b599138d9a95b3c2ae8547f4c  nasm-0.98.38-3.EL4.x86_64.rpm
5e1747bc627c8669a87b8c5ebbd65a6c  nasm-doc-0.98.38-3.EL4.x86_64.rpm
06e5212f11ddd1c2607894bcc472932c  nasm-rdoff-0.98.38-3.EL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm
43683b7db10b468e90659bb8f0090943  nasm-0.98.38-3.EL4.src.rpm

i386:
ec47b92aff6517cb06dcd0a920327d58  nasm-0.98.38-3.EL4.i386.rpm
7f0a211d2a8425226e30a07a3885458f  nasm-doc-0.98.38-3.EL4.i386.rpm
e58d181c2745c48249e07dbefe0bedbd  nasm-rdoff-0.98.38-3.EL4.i386.rpm

ia64:
305bc728323df4b766708ab0b4106034  nasm-0.98.38-3.EL4.ia64.rpm
58ccaac93f41e3d55c606f3dbbb4bddb  nasm-doc-0.98.38-3.EL4.ia64.rpm
98f07827890b67656c05c75d65e27d16  nasm-rdoff-0.98.38-3.EL4.ia64.rpm

x86_64:
b5bb239b599138d9a95b3c2ae8547f4c  nasm-0.98.38-3.EL4.x86_64.rpm
5e1747bc627c8669a87b8c5ebbd65a6c  nasm-doc-0.98.38-3.EL4.x86_64.rpm
06e5212f11ddd1c2607894bcc472932c  nasm-rdoff-0.98.38-3.EL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm
43683b7db10b468e90659bb8f0090943  nasm-0.98.38-3.EL4.src.rpm

i386:
ec47b92aff6517cb06dcd0a920327d58  nasm-0.98.38-3.EL4.i386.rpm
7f0a211d2a8425226e30a07a3885458f  nasm-doc-0.98.38-3.EL4.i386.rpm
e58d181c2745c48249e07dbefe0bedbd  nasm-rdoff-0.98.38-3.EL4.i386.rpm

ia64:
305bc728323df4b766708ab0b4106034  nasm-0.98.38-3.EL4.ia64.rpm
58ccaac93f41e3d55c606f3dbbb4bddb  nasm-doc-0.98.38-3.EL4.ia64.rpm
98f07827890b67656c05c75d65e27d16  nasm-rdoff-0.98.38-3.EL4.ia64.rpm

x86_64:
b5bb239b599138d9a95b3c2ae8547f4c  nasm-0.98.38-3.EL4.x86_64.rpm
5e1747bc627c8669a87b8c5ebbd65a6c  nasm-doc-0.98.38-3.EL4.x86_64.rpm
06e5212f11ddd1c2607894bcc472932c  nasm-rdoff-0.98.38-3.EL4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://tigger.uic.edu/~jlongs2/holes/nasm.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1194

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCeOXYXlSAg2UNWIIRArzAAKCqyatv1on8MXu7z9SpbIZDV+7DiQCgtoka
mRpKKrT1Rxhwfix1hDce9kg=
=+V/J
-----END PGP SIGNATURE-----

More information about the Enterprise-watch-list mailing list