=========================================================== Ubuntu Security Notice USN-128-1 May 17, 2005 nasm vulnerability CAN-2005-1194 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: nasm The problem can be corrected by upgrading the affected package to version 0.98.38-1ubuntu0.2 (for Ubuntu 4.10), or 0.98.38-1.1ubuntu0.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Josh Bressers discovered a buffer overflow in the ieee_putascii() function of nasm. If an attacker tricked a user into assembling a malicious source file, they could exploit this to execute arbitrary code with the privileges of the user that runs nasm.