Support / Security / Advisories / Mandriva Linux 2008.1 / MDVSA-2008:120

Package name: nasm
Date: 2008-06-21
Advisory ID: MDVSA-2008:120
Affected versions: 2008.1 x86_64 , 2008.1 i586

Problem description

An off-by-one error was found in nasm 2.02 that allowed
context-dependent attackers to cause a denial of service (crash)
or possibly execute arbitrary code via a crafted file that triggers
a stack-based buffer overflow (CVE-2008-2719).

The updated packages have been patched to prevent this issue.

Updated packages

2008.1 x86_64

 a0658241d5d1bd9d0757b20cd1b49619  2008.1/x86_64/nasm-2.02-1.1mdv2008.1.x86_64.rpm
 c4097b75d9d9fbc85543aa005da7e78e  2008.1/x86_64/nasm-doc-2.02-1.1mdv2008.1.x86_64.rpm
 b5f13c0f7ca800623c7858451fdd9891  2008.1/x86_64/nasm-rdoff-2.02-1.1mdv2008.1.x86_64.rpm 
 4e9ca678761155cdd0fcbc47b99e1ffe  2008.1/SRPMS/nasm-2.02-1.1mdv2008.1.src.rpm

2008.1 i586

 e1341726c74cee725268e292736163e8  2008.1/i586/nasm-2.02-1.1mdv2008.1.i586.rpm
 44741f5580b9b7e64fecc26814590302  2008.1/i586/nasm-doc-2.02-1.1mdv2008.1.i586.rpm
 9a52325d2063b8e6461cc110bf5c99fe  2008.1/i586/nasm-rdoff-2.02-1.1mdv2008.1.i586.rpm 
 4e9ca678761155cdd0fcbc47b99e1ffe  2008.1/SRPMS/nasm-2.02-1.1mdv2008.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2719