drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zahlenüberläufe in flash-player
Name: |
Zahlenüberläufe in flash-player |
|
ID: |
TLSA-2007-36 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux FUJI, TurboLinux wizpy |
|
Datum: |
Mi, 25. Juli 2007, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457 |
|
Applikationen: |
Flash Plugin for Browsers |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2007-36 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 24 Jul 2007 Last revised: 24 Jul 2007
Package: flash-player
Summary: Three vulnerabilities discovered in flash-player
More information: Adobe Flash Player for Mozilla and Mozilla compatible.
- Flash Player allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. - Integer overflow vulnerabilities have been discovered in Flash Playey. - Flash Player insufficiently validates HTTP Referer headers, which potentially allows remote attackers to conduct a CSRF attack via a crafted SWF file.
Impact: This vulnerabilities may allow remote attackers to execute arbitrary code or to obtain sensitive information via Flash File.
Affected Products: - Turbolinux Wizpy - Turbolinux FUJI
<wizpy>
Binary Packages Size: MD5
flash-player-9.0.48.0-1.ama 2671292 24dfa7ac1423a9669caea792d95b47cb
<Turbolinux FUJI>
Source Packages Size: MD5
flash-player-9.0.48.0-1.src.rpm 2597496 d9d9a62c9b42c0bad41040903a5786e5
Binary Packages Size: MD5
flash-player-9.0.48.0-1.i586.rpm 2645526 1a00fbd5c3a5ced01cf5bd38f5d574c4
References:
Adobe Systems [APSB07-12] http://www.adobe.com/support/security/bulletins/apsb07-12.html
CVE [CVE-2007-2022] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022 [CVE-2007-3456] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456 [CVE-2007-3457] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457
-------------------------------------------------------------------------- Revision History 24 Jul 2007 Initial release --------------------------------------------------------------------------
Copyright(C) 2007 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGpZjxK0LzjOqIJMwRAhp+AJ0fW4YzIlyF1uKxVoxfnA9Xg0yxAwCfbyMP z7DX4942WXTaY1cDwfN3Hd4= =3RMC -----END PGP SIGNATURE-----
|
|
|
|