From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mike@fly.osdn.org.ua>
Date: Thu, 12 Jul 2007 10:51:10 +0300
From: Michael Shigorin <mike@osdn.org.ua>
To: sysadmins@lists.altlinux.org, community@lists.altlinux.org,
	sisyphus@lists.altlinux.org
Message-ID: <20070712075110.GL1611@osdn.org.ua>
Mail-Followup-To: sysadmins@lists.altlinux.org,
	community@lists.altlinux.org, sisyphus@lists.altlinux.org
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.4.2.1i
Subject: [sisyphus] Fwd: [4/5] Adobe Flash Player Multiple Vulnerabilities
X-BeenThere: sisyphus@lists.altlinux.org
X-Mailman-Version: 2.1.9rc1
Precedence: list
Reply-To: shigorin@gmail.com,
	ALT Linux Sisyphus discussion list <sisyphus@lists.altlinux.org>
List-Id: ALT Linux Sisyphus discussion list <sisyphus.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus>
List-Post: <mailto:sisyphus@lists.altlinux.org>
List-Help: <mailto:sisyphus-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jul 2007 07:46:47 -0000
Archived-At: <http://lore.altlinux.org/sisyphus/20070712075110.GL1611@osdn.org.ua/>
List-Archive: <http://lore.altlinux.org/sisyphus/>
List-Post: <mailto:sisyphus@altlinux.ru>

	Здравствуйте.
Если кому нужно пользоваться Flash -- сейчас рекомендую обновить
плагин, а вообще сильно рекомендую FlashBlock для мозиллообразных.

http://secunia.com/advisories/26027/

----- Forwarded message -----

Description:
Some vulnerabilities have been reported in Adobe Flash Player, which
can be exploited by malicious people to gain knowledge of sensitive
information or compromise a user's system.

1) An input validation error can be exploited to execute arbitrary code
when a user e.g. visits a malicious website.

The vulnerability affects versions 9.0.45.0 and prior.

2) An error within the interaction of Flash Player and certain browsers
can be exploited to leak key presses to a Flash Player applet.

The vulnerability affects versions 7.0.69.0 and prior on Linux and
Solaris. It does not affect Flash Player 9.

A bug has also been reported in the validation of the HTTP Referer in
versions 8.0.34.0 and prior, which may aid in e.g. CSRF (Cross-Site
Request Forgery) attacks.

Solution:
Apply updates.

Flash Player 9.0.45.0 and earlier (update to version 9.0.47.0):
http://www.adobe.com/go/getflash

[...]

----- End forwarded message -----

PS: заодно обращаю внимание пользователей Firefox, что в 2.x
два дня тому также найдена критичная уязвимость (неисправленная):

http://secunia.com/advisories/25984/

На Seamonkey (по факту куда оперативней поддерживается в ALT)
не воспроизводится.

PPS: кросспост, просьба отвечать максимум в одну рассылку.

-- 
 ---- WBR, Michael Shigorin <mike@altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/