Mandriva Update For Nasm MDVSA-2008:120 (nasm) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

An off-by-one error was found in nasm 2.02 that allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow (CVE-2008-2719). The updated packages have been patched to prevent this issue.

Affected

nasm on Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-2719

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:174 (perl-Compress-Raw-Zlib)
Mandrake Security Advisory MDVSA-2009:069 (curl)
Mandrake Security Advisory MDVSA-2009:058 (wireshark)
Mandrake Security Advisory MDVSA-2009:026 (phpMyAdmin)
Mandrake Security Advisory MDVSA-2009:068 (poppler)

Mandriva Update for nasm MDVSA-2008:120 (nasm)

Take action and discover your vulnerabilities