View Full Version : USN-648-1: nasm vulnerability

September 30th, 2008, 09:40 PM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-648-1 September 30, 2008 nasm vulnerability CVE-2008-2719 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: nasm 0.99.06-2ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Philipp Thomas discovered that the ppscan function of nasm contained an off-by-one error. If a user or automated system were tricked into assembling a specially crafted ASM file, a remote attacker could execute arbitrary commands with user privileges.

More... (http://www.ubuntu.com/usn/usn-648-1)