* [sisyphus] Fwd: [4/5] Adobe Flash Player Multiple Vulnerabilities
@ 2007-07-12 7:51 Michael Shigorin
2007-07-12 8:08 ` Alex Myltsev
0 siblings, 1 reply; 4+ messages in thread
From: Michael Shigorin @ 2007-07-12 7:51 UTC (permalink / raw)
To: sysadmins, community, sisyphus
Здравствуйте.
Если кому нужно пользоваться Flash -- сейчас рекомендую обновить
плагин, а вообще сильно рекомендую FlashBlock для мозиллообразных.
http://secunia.com/advisories/26027/
----- Forwarded message -----
Description:
Some vulnerabilities have been reported in Adobe Flash Player, which
can be exploited by malicious people to gain knowledge of sensitive
information or compromise a user's system.
1) An input validation error can be exploited to execute arbitrary code
when a user e.g. visits a malicious website.
The vulnerability affects versions 9.0.45.0 and prior.
2) An error within the interaction of Flash Player and certain browsers
can be exploited to leak key presses to a Flash Player applet.
The vulnerability affects versions 7.0.69.0 and prior on Linux and
Solaris. It does not affect Flash Player 9.
A bug has also been reported in the validation of the HTTP Referer in
versions 8.0.34.0 and prior, which may aid in e.g. CSRF (Cross-Site
Request Forgery) attacks.
Solution:
Apply updates.
Flash Player 9.0.45.0 and earlier (update to version 9.0.47.0):
http://www.adobe.com/go/getflash
[...]
----- End forwarded message -----
PS: заодно обращаю внимание пользователей Firefox, что в 2.x
два дня тому также найдена критичная уязвимость (неисправленная):
http://secunia.com/advisories/25984/
На Seamonkey (по факту куда оперативней поддерживается в ALT)
не воспроизводится.
PPS: кросспост, просьба отвечать максимум в одну рассылку.
--
---- WBR, Michael Shigorin <mike@altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-07-12 8:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-07-12 7:51 [sisyphus] Fwd: [4/5] Adobe Flash Player Multiple Vulnerabilities Michael Shigorin
2007-07-12 8:08 ` Alex Myltsev
2007-07-12 8:21 ` Anton Farygin
2007-07-12 8:30 ` Michael Shigorin
ALT Linux Sisyphus discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus/0 sisyphus/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus sisyphus/ http://lore.altlinux.org/sisyphus \
sisyphus@altlinux.ru sisyphus@altlinux.org sisyphus@lists.altlinux.org sisyphus@lists.altlinux.ru sisyphus@lists.altlinux.com sisyphus@linuxteam.iplabs.ru sisyphus@list.linux-os.ru
public-inbox-index sisyphus
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git