Uočeni višestruki propusti programskog paketa Flash Player

U radu programskog paketa Flash Player uočeno je više sigurnosnih ranjivosti. Napadač ih može iskoristiti za zaobilaženje ograničenja, napad uskraćivanjem usluga te proizvoljno pokretanje programskog koda.

Paket:	Flash Player 10.x
Operacijski sustavi:	SUSE Linux Enterprise Desktop 10, SUSE Linux Enterprise Desktop 11
Kritičnost:	10
Problem:	pogreška u programskoj komponenti, preljev međuspremnika
Iskorištavanje:	udaljeno
Posljedica:	proizvoljno izvršavanje programskog koda, uskraćivanje usluga (DoS), zaobilaženje postavljenih ograničenja
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460
Izvorni ID preporuke:	SUSE-SU-2011:1244-1
Izvor:	SUSE

Problem:
Dvije sigurnosne ranjivosti uzrokovane su preljevom međuspremnika, dok su preostale posljedica pogrešaka u pojedinim programskim komponentama. Za više detalja preporuča se pregled izvorne preporuke.
Posljedica:
Nedostatke može iskoristiti udaljeni napadač za izvođenje DoS napada, zaobilaženje postavljenih ograničenja ili proizvoljno izvršavanje programskog koda.
Rješenje:
Svim korisnicima se savjetuje korištenje dostupne programske nadogradnje koja otklanja opisane propuste.

Izvorni tekst preporuke

   SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1244-1
Rating:             critical
References:         #729797 
Cross-References:   CVE-2011-2445 CVE-2011-2450 CVE-2011-2451
                    CVE-2011-2452 CVE-2011-2453 CVE-2011-2454
                    CVE-2011-2455 CVE-2011-2456 CVE-2011-2457
                    CVE-2011-2458 CVE-2011-2459 CVE-2011-2460
                   
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP1
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes 12 vulnerabilities is now available.
   It includes one version update.

Description:


   flash-player update to version 11.1.102.55 to fix the
   following critical  security issues:

   CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452,
   CVE-2011-2453,  CVE-2011-2454, CVE-2011-2455,
   CVE-2011-2456, CVE-2011-2457, CVE-2011-2458,
   CVE-2011-2459, CVE-2011-2460

   Security Issue references:

   * CVE-2011-2445
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2445
   >
   * CVE-2011-2450
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2450
   >
   * CVE-2011-2451
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2451
   >
   * CVE-2011-2452
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2452
   >
   * CVE-2011-2453
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2453
   >
   * CVE-2011-2454
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2454
   >
   * CVE-2011-2455
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2455
   >
   * CVE-2011-2456
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2456
   >
   * CVE-2011-2457
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2457
   >
   * CVE-2011-2458
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2458
   >
   * CVE-2011-2459
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2459
   >
   * CVE-2011-2460
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2460
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-flash-player-5413

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 10.3.183.11]:

      flash-player-10.3.183.11-0.2.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 10.3.183.11]:

      flash-player-10.3.183.11-0.5.1


References:

   http://support.novell.com/security/cve/CVE-2011-2445.html
   http://support.novell.com/security/cve/CVE-2011-2450.html
   http://support.novell.com/security/cve/CVE-2011-2451.html
   http://support.novell.com/security/cve/CVE-2011-2452.html
   http://support.novell.com/security/cve/CVE-2011-2453.html
   http://support.novell.com/security/cve/CVE-2011-2454.html
   http://support.novell.com/security/cve/CVE-2011-2455.html
   http://support.novell.com/security/cve/CVE-2011-2456.html
   http://support.novell.com/security/cve/CVE-2011-2457.html
   http://support.novell.com/security/cve/CVE-2011-2458.html
   http://support.novell.com/security/cve/CVE-2011-2459.html
   http://support.novell.com/security/cve/CVE-2011-2460.html
   https://bugzilla.novell.com/729797
  
http://download.novell.com/patch/finder/?keywords=7672429bea5968bf9bb609fe9aee6ff2
  
http://download.novell.com/patch/finder/?keywords=b3a0a701db9d82c8a67829192d261f23

-- 
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

Uočeni višestruki propusti programskog paketa Flash Player

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Uočeni višestruki propusti programskog paketa Flash Player

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti