Ranjivost programskog paketa Adobe Flash Player

Kod programskog paketa Adobe Flash Player uočen je novi sigurnosni nedostatak koji može dovesti do preuzimanje kontrole nad ranjivim sustavom.

Paket:	Flash Player 10.x
Operacijski sustavi:	SUSE Linux Enterprise Server (SLES) 10
Kritičnost:	1.6
Problem:	korupcija memorije
Iskorištavanje:	lokalno/udaljeno
Posljedica:	preuzimanje potpune kontrole nad sustavom
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-2110
Izvorni ID preporuke:	SUSE-SU-2011:0640-1
Izvor:	SUSE

Problem:
U radu ranjivog paketa javlja se problem korupcije memorije.
Posljedica:
Uspješni napadač može iskoristiti propust za preuzimanje kontrole nad sustavom i izvođenje napada uskraćivanja usluge (eng. Denial of Service).
Rješenje:
Svim se korisnicima ranjivog proizvoda preporuča odgovarajuća nadogradnja.

Izvorni tekst preporuke

   SUSE Security Update: flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0640-1
Rating:             critical
References:         #699942 
Cross-References:   CVE-2011-2110
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP1
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available. It
   includes one version update.

Description:


   A critical vulnerability has been identified in Adobe Flash
   Player  10.3.181.23 and earlier versions for Windows,
   Macintosh, Linux and Solaris,  and Adobe Flash Player
   10.3.185.23 and earlier versions for Android. This  memory
   corruption vulnerability (CVE-2011-2110) could cause a
   crash and  potentially allow an attacker to take control of
   the affected system. There  are reports that this
   vulnerability is being exploited in the wild in  targeted
   attacks via malicious Web pages.

   Security Issue references:

   * CVE-2011-2110
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2110
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-flash-player-4715

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 10.3.181.26]:

      flash-player-10.3.181.26-0.2.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 10.3.181.26]:

      flash-player-10.3.181.26-0.5.1


References:

   http://support.novell.com/security/cve/CVE-2011-2110.html
   https://bugzilla.novell.com/699942
  
http://download.novell.com/patch/finder/?keywords=3346ccf604c46cb248821ffe1c4cd5ba
  
http://download.novell.com/patch/finder/?keywords=c08bf73825177b7fc078941d64fa9d44

-- 
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

Ranjivost programskog paketa Adobe Flash Player

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Ranjivost programskog paketa Adobe Flash Player

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti