From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Thu, 12 Jul 2007 10:51:10 +0300 From: Michael Shigorin To: sysadmins@lists.altlinux.org, community@lists.altlinux.org, sisyphus@lists.altlinux.org Message-ID: <20070712075110.GL1611@osdn.org.ua> Mail-Followup-To: sysadmins@lists.altlinux.org, community@lists.altlinux.org, sisyphus@lists.altlinux.org Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.4.2.1i Subject: [Sysadmins] Fwd: [4/5] Adobe Flash Player Multiple Vulnerabilities X-BeenThere: sysadmins@lists.altlinux.org X-Mailman-Version: 2.1.9rc1 Precedence: list Reply-To: shigorin@gmail.com, ALT Linux sysadmin discuss List-Id: ALT Linux sysadmin discuss List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jul 2007 07:46:47 -0000 Archived-At: List-Archive: Здравствуйте. Если кому нужно пользоваться Flash -- сейчас рекомендую обновить плагин, а вообще сильно рекомендую FlashBlock для мозиллообразных. http://secunia.com/advisories/26027/ ----- Forwarded message ----- Description: Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to gain knowledge of sensitive information or compromise a user's system. 1) An input validation error can be exploited to execute arbitrary code when a user e.g. visits a malicious website. The vulnerability affects versions 9.0.45.0 and prior. 2) An error within the interaction of Flash Player and certain browsers can be exploited to leak key presses to a Flash Player applet. The vulnerability affects versions 7.0.69.0 and prior on Linux and Solaris. It does not affect Flash Player 9. A bug has also been reported in the validation of the HTTP Referer in versions 8.0.34.0 and prior, which may aid in e.g. CSRF (Cross-Site Request Forgery) attacks. Solution: Apply updates. Flash Player 9.0.45.0 and earlier (update to version 9.0.47.0): http://www.adobe.com/go/getflash [...] ----- End forwarded message ----- PS: заодно обращаю внимание пользователей Firefox, что в 2.x два дня тому также найдена критичная уязвимость (неисправленная): http://secunia.com/advisories/25984/ На Seamonkey (по факту куда оперативней поддерживается в ALT) не воспроизводится. PPS: кросспост, просьба отвечать максимум в одну рассылку. -- ---- WBR, Michael Shigorin ------ Linux.Kiev http://www.linux.kiev.ua/