Pufferüberläufe in nasm
ID: | RHSA-2005:381-01 |
Distribution: | Red Hat |
Plattformen: | Red Hat Enterprise Linux |
Datum: | Do, 5. Mai 2005, 13:00 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1194 http://tigger.uic.edu/~jlongs2/holes/nasm.txt |
Applikationen: | NASM - The Netwide Assembler |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Low: nasm security update Advisory ID: RHSA-2005:381-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-381.html Issue date: 2005-05-04 Updated on: 2005-05-04 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-1287 CAN-2005-1194 --------------------------------------------------------------------- 1. Summary: An updated nasm package that fixes multiple security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: NASM is an 80x86 assembler. Two stack based buffer overflow bugs have been found in nasm. An attacker could create an ASM file in such a way that when compiled by a victim, could execute arbitrary code on their machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1287 and CAN-2005-1194 to these issues. All users of nasm are advised to upgrade to this updated package, which contains backported fixes for these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 143081 - CAN-2004-1287 Bernstein class reports buffer overflow in nasm 152962 - CAN-2005-1194 Buffer overflow in the ieee_putascii() function 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm 0e391e76be6291247278180dbe31289f nasm-0.98-8.EL21.src.rpm i386: 7a21c7596d6ee53189a7718c89a6d00c nasm-0.98-8.EL21.i386.rpm bcad7b119dc701210cd58c73dda3a7d8 nasm-doc-0.98-8.EL21.i386.rpm c1dcee8fa30b706271ee943a47d5311f nasm-rdoff-0.98-8.EL21.i386.rpm ia64: 1fc19e048f0e18e172dc660f8e878981 nasm-0.98-8.EL21.ia64.rpm 14d54bd30637be9be60a15b46789a5d4 nasm-doc-0.98-8.EL21.ia64.rpm 79b480ab6b977aac93ca46c5d42b63c5 nasm-rdoff-0.98-8.EL21.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm 0e391e76be6291247278180dbe31289f nasm-0.98-8.EL21.src.rpm ia64: 1fc19e048f0e18e172dc660f8e878981 nasm-0.98-8.EL21.ia64.rpm 14d54bd30637be9be60a15b46789a5d4 nasm-doc-0.98-8.EL21.ia64.rpm 79b480ab6b977aac93ca46c5d42b63c5 nasm-rdoff-0.98-8.EL21.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm 0e391e76be6291247278180dbe31289f nasm-0.98-8.EL21.src.rpm i386: 7a21c7596d6ee53189a7718c89a6d00c nasm-0.98-8.EL21.i386.rpm bcad7b119dc701210cd58c73dda3a7d8 nasm-doc-0.98-8.EL21.i386.rpm c1dcee8fa30b706271ee943a47d5311f nasm-rdoff-0.98-8.EL21.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/nasm-0.98-8.EL21.src.rpm 0e391e76be6291247278180dbe31289f nasm-0.98-8.EL21.src.rpm i386: 7a21c7596d6ee53189a7718c89a6d00c nasm-0.98-8.EL21.i386.rpm bcad7b119dc701210cd58c73dda3a7d8 nasm-doc-0.98-8.EL21.i386.rpm c1dcee8fa30b706271ee943a47d5311f nasm-rdoff-0.98-8.EL21.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm 5f61d41a8564a3ebe59d9d0c1339a31d nasm-0.98.35-3.EL3.src.rpm i386: e98eac750aa8bab598e85f6ce641395b nasm-0.98.35-3.EL3.i386.rpm ia64: b3ce384b524ecb0fa1ed268f78f8ab9e nasm-0.98.35-3.EL3.ia64.rpm ppc: 567ebac5174d054b7bb2806ba375d396 nasm-0.98.35-3.EL3.ppc.rpm s390: f95d693302a3fb516d195d71f106337f nasm-0.98.35-3.EL3.s390.rpm s390x: 5cf1c6de3faf209d2578797b88df9aee nasm-0.98.35-3.EL3.s390x.rpm x86_64: 60bf4a4633c4a2ecae073b4e171904c2 nasm-0.98.35-3.EL3.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm 5f61d41a8564a3ebe59d9d0c1339a31d nasm-0.98.35-3.EL3.src.rpm i386: e98eac750aa8bab598e85f6ce641395b nasm-0.98.35-3.EL3.i386.rpm x86_64: 60bf4a4633c4a2ecae073b4e171904c2 nasm-0.98.35-3.EL3.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm 5f61d41a8564a3ebe59d9d0c1339a31d nasm-0.98.35-3.EL3.src.rpm i386: e98eac750aa8bab598e85f6ce641395b nasm-0.98.35-3.EL3.i386.rpm ia64: b3ce384b524ecb0fa1ed268f78f8ab9e nasm-0.98.35-3.EL3.ia64.rpm x86_64: 60bf4a4633c4a2ecae073b4e171904c2 nasm-0.98.35-3.EL3.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/nasm-0.98.35-3.EL3.src.rpm 5f61d41a8564a3ebe59d9d0c1339a31d nasm-0.98.35-3.EL3.src.rpm i386: e98eac750aa8bab598e85f6ce641395b nasm-0.98.35-3.EL3.i386.rpm ia64: b3ce384b524ecb0fa1ed268f78f8ab9e nasm-0.98.35-3.EL3.ia64.rpm x86_64: 60bf4a4633c4a2ecae073b4e171904c2 nasm-0.98.35-3.EL3.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm 43683b7db10b468e90659bb8f0090943 nasm-0.98.38-3.EL4.src.rpm i386: ec47b92aff6517cb06dcd0a920327d58 nasm-0.98.38-3.EL4.i386.rpm 7f0a211d2a8425226e30a07a3885458f nasm-doc-0.98.38-3.EL4.i386.rpm e58d181c2745c48249e07dbefe0bedbd nasm-rdoff-0.98.38-3.EL4.i386.rpm ia64: 305bc728323df4b766708ab0b4106034 nasm-0.98.38-3.EL4.ia64.rpm 58ccaac93f41e3d55c606f3dbbb4bddb nasm-doc-0.98.38-3.EL4.ia64.rpm 98f07827890b67656c05c75d65e27d16 nasm-rdoff-0.98.38-3.EL4.ia64.rpm ppc: 832c5c9949a2579e528a3a22a34ce55c nasm-0.98.38-3.EL4.ppc.rpm 4f7b21a69a5990f61282972b09081acc nasm-doc-0.98.38-3.EL4.ppc.rpm a9ff73e7360a81d9e2a3ce17747df06e nasm-rdoff-0.98.38-3.EL4.ppc.rpm s390: e7dc55bde0bca7bc25b68e2d96d3b49c nasm-0.98.38-3.EL4.s390.rpm cf0cb48e144a4c0e8f3b6518b437763b nasm-doc-0.98.38-3.EL4.s390.rpm 17a92ff7a05026fa1e2331153f1023c0 nasm-rdoff-0.98.38-3.EL4.s390.rpm s390x: 30ba9ad41ff9588918403244e87d84e1 nasm-0.98.38-3.EL4.s390x.rpm a6c2e7bfb5c9ccb8f266d4010b5931b6 nasm-doc-0.98.38-3.EL4.s390x.rpm 88f4f1c6ad49ef338956e8f2d9265e7e nasm-rdoff-0.98.38-3.EL4.s390x.rpm x86_64: b5bb239b599138d9a95b3c2ae8547f4c nasm-0.98.38-3.EL4.x86_64.rpm 5e1747bc627c8669a87b8c5ebbd65a6c nasm-doc-0.98.38-3.EL4.x86_64.rpm 06e5212f11ddd1c2607894bcc472932c nasm-rdoff-0.98.38-3.EL4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm 43683b7db10b468e90659bb8f0090943 nasm-0.98.38-3.EL4.src.rpm i386: ec47b92aff6517cb06dcd0a920327d58 nasm-0.98.38-3.EL4.i386.rpm 7f0a211d2a8425226e30a07a3885458f nasm-doc-0.98.38-3.EL4.i386.rpm e58d181c2745c48249e07dbefe0bedbd nasm-rdoff-0.98.38-3.EL4.i386.rpm x86_64: b5bb239b599138d9a95b3c2ae8547f4c nasm-0.98.38-3.EL4.x86_64.rpm 5e1747bc627c8669a87b8c5ebbd65a6c nasm-doc-0.98.38-3.EL4.x86_64.rpm 06e5212f11ddd1c2607894bcc472932c nasm-rdoff-0.98.38-3.EL4.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm 43683b7db10b468e90659bb8f0090943 nasm-0.98.38-3.EL4.src.rpm i386: ec47b92aff6517cb06dcd0a920327d58 nasm-0.98.38-3.EL4.i386.rpm 7f0a211d2a8425226e30a07a3885458f nasm-doc-0.98.38-3.EL4.i386.rpm e58d181c2745c48249e07dbefe0bedbd nasm-rdoff-0.98.38-3.EL4.i386.rpm ia64: 305bc728323df4b766708ab0b4106034 nasm-0.98.38-3.EL4.ia64.rpm 58ccaac93f41e3d55c606f3dbbb4bddb nasm-doc-0.98.38-3.EL4.ia64.rpm 98f07827890b67656c05c75d65e27d16 nasm-rdoff-0.98.38-3.EL4.ia64.rpm x86_64: b5bb239b599138d9a95b3c2ae8547f4c nasm-0.98.38-3.EL4.x86_64.rpm 5e1747bc627c8669a87b8c5ebbd65a6c nasm-doc-0.98.38-3.EL4.x86_64.rpm 06e5212f11ddd1c2607894bcc472932c nasm-rdoff-0.98.38-3.EL4.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nasm-0.98.38-3.EL4.src.rpm 43683b7db10b468e90659bb8f0090943 nasm-0.98.38-3.EL4.src.rpm i386: ec47b92aff6517cb06dcd0a920327d58 nasm-0.98.38-3.EL4.i386.rpm 7f0a211d2a8425226e30a07a3885458f nasm-doc-0.98.38-3.EL4.i386.rpm e58d181c2745c48249e07dbefe0bedbd nasm-rdoff-0.98.38-3.EL4.i386.rpm ia64: 305bc728323df4b766708ab0b4106034 nasm-0.98.38-3.EL4.ia64.rpm 58ccaac93f41e3d55c606f3dbbb4bddb nasm-doc-0.98.38-3.EL4.ia64.rpm 98f07827890b67656c05c75d65e27d16 nasm-rdoff-0.98.38-3.EL4.ia64.rpm x86_64: b5bb239b599138d9a95b3c2ae8547f4c nasm-0.98.38-3.EL4.x86_64.rpm 5e1747bc627c8669a87b8c5ebbd65a6c nasm-doc-0.98.38-3.EL4.x86_64.rpm 06e5212f11ddd1c2607894bcc472932c nasm-rdoff-0.98.38-3.EL4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://tigger.uic.edu/~jlongs2/holes/nasm.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1194 8. Contact: The Red Hat security contact is |