ALT Linux sysadmins discussion
 help / color / mirror / Atom feed
From: Michael Shigorin <mike@osdn.org.ua>
To: sysadmins@lists.altlinux.org, community@lists.altlinux.org,
	sisyphus@lists.altlinux.org
Subject: [Sysadmins] Fwd: [4/5] Adobe Flash Player Multiple Vulnerabilities
Date: Thu, 12 Jul 2007 10:51:10 +0300
Message-ID: <20070712075110.GL1611@osdn.org.ua> (raw)

	Здравствуйте.
Если кому нужно пользоваться Flash -- сейчас рекомендую обновить
плагин, а вообще сильно рекомендую FlashBlock для мозиллообразных.

http://secunia.com/advisories/26027/

----- Forwarded message -----

Description:
Some vulnerabilities have been reported in Adobe Flash Player, which
can be exploited by malicious people to gain knowledge of sensitive
information or compromise a user's system.

1) An input validation error can be exploited to execute arbitrary code
when a user e.g. visits a malicious website.

The vulnerability affects versions 9.0.45.0 and prior.

2) An error within the interaction of Flash Player and certain browsers
can be exploited to leak key presses to a Flash Player applet.

The vulnerability affects versions 7.0.69.0 and prior on Linux and
Solaris. It does not affect Flash Player 9.

A bug has also been reported in the validation of the HTTP Referer in
versions 8.0.34.0 and prior, which may aid in e.g. CSRF (Cross-Site
Request Forgery) attacks.

Solution:
Apply updates.

Flash Player 9.0.45.0 and earlier (update to version 9.0.47.0):
http://www.adobe.com/go/getflash

[...]

----- End forwarded message -----

PS: заодно обращаю внимание пользователей Firefox, что в 2.x
два дня тому также найдена критичная уязвимость (неисправленная):

http://secunia.com/advisories/25984/

На Seamonkey (по факту куда оперативней поддерживается в ALT)
не воспроизводится.

PPS: кросспост, просьба отвечать максимум в одну рассылку.

-- 
 ---- WBR, Michael Shigorin <mike@altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/


             reply	other threads:[~2007-07-12  7:51 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-07-12  7:51 Michael Shigorin [this message]
2007-07-14 12:18 ` Olvin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070712075110.GL1611@osdn.org.ua \
    --to=mike@osdn.org.ua \
    --cc=community@lists.altlinux.org \
    --cc=shigorin@gmail.com \
    --cc=sisyphus@lists.altlinux.org \
    --cc=sysadmins@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux sysadmins discussion

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/sysadmins/0 sysadmins/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 sysadmins sysadmins/ http://lore.altlinux.org/sysadmins \
		sysadmins@lists.altlinux.org sysadmins@lists.altlinux.ru sysadmins@lists.altlinux.com
	public-inbox-index sysadmins

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.sysadmins


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git