Sicherheit: Ausführen beliebiger Kommandos in flash-player

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-44
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 24 Dec 2008
Last revised: 24 Dec 2008

Package: flash-player

Summary: A critical vulnerability

More information:
Adobe Flash Player for Mozilla and Mozilla compatible.

Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and
9.0.151.0 and earlier,
allows remote attackers to execute arbitrary code via a crafted SWF file.
(CVE-2008-5499)

Affected Products:
- Turbolinux Client 2008
- Turbolinux Wizpy
- Turbolinux FUJI

<Turbolinux Client 2008>

Source Packages
Size: MD5

flash-player-10.0.15.3-1.src.rpm
3944512 de56c6ad2066b5db05bf4944efd5f439

Binary Packages
Size: MD5

flash-player-10.0.15.3-1.i586.rpm
3931587 4f1f04918aec9073063dab7fe75298f1

<wizpy>

Binary Packages
Size: MD5

flash-player-9.0.152.0-1.ama
3125949 123824ccd769b7fe38fa6f5004415bbf

<Turbolinux FUJI>

Source Packages
Size: MD5

flash-player-9.0.152.0-1.src.rpm
3046332 5d539d804fcc8e7f438f8ad0af1c4b88

Binary Packages
Size: MD5

flash-player-9.0.152.0-1.i586.rpm
3103080 eddb80c87c1ed1e432ea7c9393f8e4c8

References:

Adobe Systems
[APSB08-24]
http://www.adobe.com/support/security/bulletins/apsb08-24.html

CVE
[CVE-2008-5499]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5499

--------------------------------------------------------------------------
Revision History
24 Dec 2008 Initial release
--------------------------------------------------------------------------

Copyright(C) 2008 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklSDBsACgkQK0LzjOqIJMzUbgCgsNNd1dAbAiqQehGvrED6BH/H
WrsAn0xpFv1JTeT8hzNb42786bmbAPFo
=FeCe
-----END PGP SIGNATURE-----