Several security vulnerabilities have been found in the flash-player software package. A remote attacker can exploit them to carry out DoS attacks, execute arbitrary code, bypass restrictions, disclose sensitive data, and inject arbitrary web script or HTML code.
Package:
Flash Player 10.x
Operating systems:
SUSE Linux Enterprise Desktop 10, SUSE Linux Enterprise Desktop 11
Severity:
8.1
Problem:
error in a program component, XSS
Exploitation:
remote
Consequence:
disclosure of sensitive information, arbitrary code execution, injection of HTML and script code, denial of service (DoS), bypass of configured restrictions
The more significant flaws result from a stack buffer overflow in the AVM (ActionScript Virtual Machine) component and from an XSS vulnerability. For a full list of the flaws, reading the original advisory is recommended.
Consequence:
The flaws allow an attacker to carry out DoS and XSS attacks, run malicious code, bypass certain restrictions, and disclose sensitive information.
Solution:
Users are advised to install the appropriate update.
SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:1063-1
Rating: important
References: #719400
Cross-References: CVE-2011-2426 CVE-2011-2427 CVE-2011-2428
CVE-2011-2429 CVE-2011-2430 CVE-2011-2444
Affected Products:
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available. It
includes one version update.
Description:
This update resolves
* a universal cross-site scripting issue that could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444).
Note: There are reports that this issue is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.
* an AVM stack overflow issue that may allow for remote code execution (CVE-2011-2426).
* an AVM stack overflow issue that may lead to denial of service and code execution (CVE-2011-2427).
* a logic error issue which causes a browser crash and may lead to code execution (CVE-2011-2428).
* a Flash Player security control bypass which could allow information disclosure (CVE-2011-2429).
* a streaming media logic error vulnerability which could lead to code execution (CVE-2011-2430).
Security Issue references:
* CVE-2011-2426 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2426>
* CVE-2011-2427 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2427>
* CVE-2011-2428 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2428>
* CVE-2011-2429 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2429>
* CVE-2011-2430 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2430>
* CVE-2011-2444 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2444>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-flash-player-5184
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 10.3.183.10]:
flash-player-10.3.183.10-0.2.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 10.3.183.10]:
flash-player-10.3.183.10-0.5.1
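As an added verification step (not part of the SUSE advisory), the following POSIX shell script compares the flash-player version that RPM reports on a SLED host against the fixed version 10.3.183.10 from the Package List above. The `vercmp`, `flash_is_fixed` and `installed_flash_version` helper names are this example's own; `rpm -q --queryformat '%{VERSION}'` is a standard RPM query.

```shell
#!/bin/sh
# Added example: report whether the installed flash-player package is at or
# above the version fixed by SUSE-SU-2011:1063-1 (10.3.183.10 on both SLED 11
# SP1 and SLED 10 SP4, per the advisory's Package List).
FIXED_VERSION="10.3.183.10"

# vercmp A B: prints -1, 0 or 1 for dotted numeric versions (e.g.
# 10.3.181.26 vs 10.3.183.10). Components are compared numerically one by
# one; a missing trailing component counts as 0, so 10.3 equals 10.3.0.0.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}              # leading component of each
        [ "$ah" = "$a" ] && a="" || a=${a#*.} # drop it from the remainder
        [ "$bh" = "$b" ] && b="" || b=${b#*.}
        ah=${ah:-0}; bh=${bh:-0}
        if [ "$ah" -lt "$bh" ]; then printf '%s\n' -1; return; fi
        if [ "$ah" -gt "$bh" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# flash_is_fixed VERSION: succeeds (exit 0) when VERSION >= FIXED_VERSION.
flash_is_fixed() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" -ge 0 ]
}

# installed_flash_version: prints the RPM VERSION field of flash-player
# (the release tag such as 0.2.1 is not needed for this comparison);
# fails when the package, or rpm itself, is absent.
installed_flash_version() {
    rpm -q flash-player >/dev/null 2>&1 || return 1
    rpm -q --queryformat '%{VERSION}' flash-player
}

main() {
    v=$(installed_flash_version) || {
        echo "flash-player is not installed (or rpm is unavailable): nothing to check"
        return 0
    }
    if flash_is_fixed "$v"; then
        echo "flash-player $v: at or above fixed version $FIXED_VERSION"
    else
        echo "flash-player $v: below $FIXED_VERSION, apply SUSE-SU-2011:1063-1"
        return 2
    fi
}

main "$@"
```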
References:
http://support.novell.com/security/cve/CVE-2011-2426.html
http://support.novell.com/security/cve/CVE-2011-2427.html
http://support.novell.com/security/cve/CVE-2011-2428.html
http://support.novell.com/security/cve/CVE-2011-2429.html
http://support.novell.com/security/cve/CVE-2011-2430.html
http://support.novell.com/security/cve/CVE-2011-2444.html
https://bugzilla.novell.com/719400
http://download.novell.com/patch/finder/?keywords=9a5ead7b67f842c5fc560751187bbece
http://download.novell.com/patch/finder/?keywords=e356cf76b24484e7a3a2903c07144dcd