U radu programskog paketa Flash Player uočen je novi propust koji napadačima može omogućiti pokretanje napada uskraćivanja usluge te preuzimanje potpune kontrole nad ranjivim sustavom.
Paket:
Flash Player 10.x
Operacijski sustavi:
openSUSE 11.3, openSUSE 11.4
Kritičnost:
1.6
Problem:
korupcija memorije
Iskorištavanje:
lokalno/udaljeno
Posljedica:
preuzimanje potpune kontrole nad sustavom, uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-2110
Izvorni ID preporuke:
openSUSE-SU-2011:0637-1
Izvor:
SUSE
Problem:
Do sigurnosnog nedostatka dolazi zbog pojave korupcije memorije.
Posljedica:
Uspješno iskorištavanje propusta može dovesti do izvođenja DoS napada i potencijalno omogućiti napadačima preuzimanje kontrole nad ranjivim sustavom.
Rješenje:
Kako do spomenutog propusta ne bi došlo, svi se korisnici upućuju na primjenu dostupnih programskih rješenja.
openSUSE Security Update: flash-player: Update to 10.3.181.26
______________________________________________________________________________
Announcement ID: openSUSE-SU-2011:0637-1
Rating: critical
References: #699942
Cross-References: CVE-2011-2110
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________
An update that fixes one vulnerability is now available. It
includes one version update.
Description:
A critical vulnerability has been identified in Adobe Flash
Player 10.3.181.23 and earlier versions for Windows,
Macintosh, Linux and Solaris, and Adobe Flash Player
10.3.185.23 and earlier versions for Android. This memory
corruption vulnerability (CVE-2011-2110) could cause a
crash and potentially allow an attacker to take control of
the affected system. There are reports that this
vulnerability is being exploited in the wild in targeted
attacks via malicious Web pages.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch flash-player-4716
- openSUSE 11.3:
zypper in -t patch flash-player-4716
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586) [New Version: 10.3.181.26]:
flash-player-10.3.181.26-0.2.1
- openSUSE 11.3 (i586) [New Version: 10.3.181.26]:
flash-player-10.3.181.26-0.2.1
References:
http://support.novell.com/security/cve/CVE-2011-2110.html
https://bugzilla.novell.com/699942
--
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke