Bug 522586 (CVE-2008-7177)
Summary: | CVE-2008-7177 nasm: listing module buffer overflow | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | rth, zprikryl |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7177 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-09-10 18:40:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 452800 | ||
Bug Blocks: |
Description
Tomas Hoger
2009-09-10 18:34:07 UTC
Doing a bit more search around this... This is full diff between 2.03 and 2.03.1: http://repo.or.cz/w/nasm.git?a=treediff;hp=a122578dcd9f3461c43dd9f9b81b64d832208866;hb=07c1468307f3b6fe16c7984447cc6512d1677140;hpb=c751e86145aec99b2212321903146723e75af22a Relevant part of it is: http://repo.or.cz/w/nasm.git?a=commitdiff;h=7174c5812e3d9f8d32dabdd612487231403e20df Which, via commit message, leads to this SF.net bug report with further details: http://sourceforge.net/tracker/?func=detail&atid=106208&aid=1991797&group_id=6208 The code in question was introduced upstream via following commit in Nov 2007: http://repo.or.cz/w/nasm.git?a=commitdiff;h=34f6fb0a65b247442afcb2148c8c80112ab4cd59 The code is not present in nasm versions shipped in Red Hat Enterprise Linux 3, 4 and 5, hence those versions are not affected by this flaw. All current Fedora versions are already updated to use nasm version 2.03.1 or later. |