Security: Integer overflows in flash-player
Name: Integer overflows in flash-player
ID: TLSA-2007-36
Distribution: TurboLinux
Platforms: Turbolinux FUJI, TurboLinux wizpy
Date: Wed, 25 July 2007, 03:50
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457

Original message

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-36
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 24 Jul 2007
Last revised: 24 Jul 2007

Package: flash-player

Summary: Three vulnerabilities discovered in flash-player

More information:
Adobe Flash Player for Mozilla and Mozilla compatible.

- Flash Player allows remote attackers to obtain sensitive information
(browser keystrokes), which are leaked to the Flash Player applet.
- Integer overflow vulnerabilities have been discovered in Flash Player.
- Flash Player insufficiently validates HTTP Referer headers,
which potentially allows remote attackers to conduct a CSRF attack
via a crafted SWF file.

Impact:
These vulnerabilities may allow remote attackers to execute arbitrary code
or to obtain sensitive information via a Flash file.

Affected Products:
- Turbolinux Wizpy
- Turbolinux FUJI


<wizpy>

Binary Packages
Size: MD5

flash-player-9.0.48.0-1.ama
2671292 24dfa7ac1423a9669caea792d95b47cb

<Turbolinux FUJI>

Source Packages
Size: MD5

flash-player-9.0.48.0-1.src.rpm
2597496 d9d9a62c9b42c0bad41040903a5786e5

Binary Packages
Size: MD5

flash-player-9.0.48.0-1.i586.rpm
2645526 1a00fbd5c3a5ced01cf5bd38f5d574c4


References:

Adobe Systems
[APSB07-12]
http://www.adobe.com/support/security/bulletins/apsb07-12.html

CVE
[CVE-2007-2022]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022
[CVE-2007-3456]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456
[CVE-2007-3457]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457

--------------------------------------------------------------------------
Revision History
24 Jul 2007 Initial release
--------------------------------------------------------------------------

Copyright(C) 2007 Turbolinux, Inc. All rights reserved.
