Login
Newsletter
Werbung
Sicherheit: Zahlenüberläufe in flash-player
Aktuelle Meldungen Distributionen
Name: Zahlenüberläufe in flash-player
ID: TLSA-2007-36
Distribution: TurboLinux
Plattformen: Turbolinux FUJI, TurboLinux wizpy
Datum: Mi, 25. Juli 2007, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457
Applikationen: Flash Plugin for Browsers

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2007-36
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 24 Jul 2007
 Last revised: 24 Jul 2007

 Package: flash-player

 Summary: Three vulnerabilities discovered in flash-player

 More information:
    Adobe Flash Player for Mozilla and Mozilla compatible.

    - Flash Player allows remote attackers to obtain sensitive information
      (browser keystrokes), which are leaked to the Flash Player applet.
    - Integer overflow vulnerabilities have been discovered in Flash Playey.
    - Flash Player insufficiently validates HTTP Referer headers,
      which potentially allows remote attackers to conduct a CSRF attack
      via a crafted SWF file. 

 Impact:
    This vulnerabilities may allow remote attackers to execute arbitrary code
 or
    to obtain sensitive information via Flash File.

 Affected Products:
    - Turbolinux Wizpy
    - Turbolinux FUJI


 <wizpy>

   Binary Packages
   Size: MD5

   flash-player-9.0.48.0-1.ama
      2671292 24dfa7ac1423a9669caea792d95b47cb

 <Turbolinux FUJI>

   Source Packages
   Size: MD5

   flash-player-9.0.48.0-1.src.rpm
      2597496 d9d9a62c9b42c0bad41040903a5786e5

   Binary Packages
   Size: MD5

   flash-player-9.0.48.0-1.i586.rpm
      2645526 1a00fbd5c3a5ced01cf5bd38f5d574c4


 References:

 Adobe Systems
   [APSB07-12]
   http://www.adobe.com/support/security/bulletins/apsb07-12.html

 CVE
   [CVE-2007-2022]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022
   [CVE-2007-3456]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456
   [CVE-2007-3457]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457

 --------------------------------------------------------------------------
 Revision History
    24 Jul 2007 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGpZjxK0LzjOqIJMwRAhp+AJ0fW4YzIlyF1uKxVoxfnA9Xg0yxAwCfbyMP
z7DX4942WXTaY1cDwfN3Hd4=
=3RMC
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung