drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in flash-plugin
Name: |
Mehrere Probleme in flash-plugin |
|
ID: |
RHSA-2011:0259-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux Extras |
|
Datum: |
Di, 15. Februar 2011, 22:31 |
|
Referenzen: |
http://kb2.adobe.com/cps/406/kb406791.html
https://access.redhat.com/kb/docs/DOC-1639 |
|
Applikationen: |
Flash Plugin for Browsers |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: flash-plugin - 1-Month End Of Life Notice Advisory ID: RHSA-2011:0259-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0259.html Issue date: 2011-02-15 =====================================================================
1. Summary:
The flash-plugin package on Red Hat Enterprise Linux 4 contains multiple security flaws and should no longer be used. This is the 1-month notification of Red Hat's plans to disable Adobe Flash Player 9 on Red Hat Enterprise Linux 4.
The Red Hat Security Response Team has rated this update as having critical security impact.
2. Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386 Red Hat Enterprise Linux AS version 4 Extras - i386 Red Hat Enterprise Linux ES version 4 Extras - i386 Red Hat Enterprise Linux WS version 4 Extras - i386
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.
Adobe Flash Player 9 is vulnerable to critical security flaws and should no longer be used. A remote attacker could use these flaws to execute arbitrary code with the privileges of the user running Flash Player 9. (CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0607, CVE-2011-0608)
Adobe is no longer providing security updates for Adobe Flash Player 9, and is not providing a replacement Flash Player version compatible with Red Hat Enterprise Linux 4.
In one month Red Hat plans to release an update for the flash-plugin package that will prevent it from functioning. User wishing to continue using Flash Player 9, despite the vulnerabilities, can add the flash-plugin package to the up2date skip list. Refer to the following Red Hat Knowledgebase article for instructions on adding a package to the up2date skip list: https://access.redhat.com/kb/docs/DOC-1639
4. Solution:
This erratum contains a flash-plugin package with an updated version number to ensure the distribution of this notice; however, no changes have been made to the package.
5. Bugs fixed (http://bugzilla.redhat.com/):
676226 - CVE-2011-0558 CVE-2011-0559 CVE-2011-0560 CVE-2011-0561 CVE-2011-0571 CVE-2011-0572 CVE-2011-0573 CVE-2011-0574 CVE-2011-0575 CVE-2011-0577 CVE-2011-0578 CVE-2011-0607 CVE-2011-0608 flash-plugin: multiple code execution flaws (APSB11-02)
6. Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: flash-plugin-9.0.289.0-2.el4.i386.rpm
Red Hat Desktop version 4 Extras:
i386: flash-plugin-9.0.289.0-2.el4.i386.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: flash-plugin-9.0.289.0-2.el4.i386.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: flash-plugin-9.0.289.0-2.el4.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
7. References:
https://access.redhat.com/security/updates/classification/#critical http://kb2.adobe.com/cps/406/kb406791.html https://access.redhat.com/kb/docs/DOC-1639
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFNWtYUXlSAg2UNWIIRAnV4AKC+tA+zJiAwrg7Zn5Cg6hK6sEgbuQCfUNNi wSiCNZd0QstlfxKS93iSahU= =rvsA -----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
|
|