Detalji

Kod programskog paketa flash-plugin, namijenjenog Red Hat Enterprise Linux 4 operacijskom sustavu, uočene su višestruke sigurnosne nepravilnosti u radu. Riječ je o Adobe Flash Player dodatku za Firefox web preglednik. Uspješna zloupotreba rezultira izvođenjem proizvoljnog programskog koda podmetanjem dugih nizova "ActionScript" metode ili posebno obrađenih fontova. Ostale mogućnosti iskorištavanja propusta uključuju pokretanje napada uskraćivanjem usluga (eng. Denial of Service) te ostvarivanje većih prava na sustavu. Za više detalja se preporuča pregled izvorne preporuke. Korisnici se upućuju na nadogradnju.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin - 1-Month End Of Life Notice
Advisory ID:       RHSA-2011:0259-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0259.html
Issue date:        2011-02-15
=====================================================================

1. Summary:

The flash-plugin package on Red Hat Enterprise Linux 4 contains multiple
security flaws and should no longer be used. This is the 1-month
notification of Red Hat's plans to disable Adobe Flash Player 9 on Red Hat
Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical
security impact.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

Adobe Flash Player 9 is vulnerable to critical security flaws and should no
longer be used. A remote attacker could use these flaws to execute
arbitrary code with the privileges of the user running Flash Player 9.
(CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571,
CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577,
CVE-2011-0578, CVE-2011-0607, CVE-2011-0608)

Adobe is no longer providing security updates for Adobe Flash Player 9, and
is not providing a replacement Flash Player version compatible with Red Hat
Enterprise Linux 4.

In one month Red Hat plans to release an update for the flash-plugin
package that will prevent it from functioning. User wishing to continue
using Flash Player 9, despite the vulnerabilities, can add the flash-plugin
package to the up2date skip list. Refer to the following Red Hat
Knowledgebase article for instructions on adding a package to the up2date
skip list: https://access.redhat.com/kb/docs/DOC-1639

4. Solution:

This erratum contains a flash-plugin package with an updated version number
to ensure the distribution of this notice; however, no changes have been
made to the package.

5. Bugs fixed (http://bugzilla.redhat.com/):

676226 - CVE-2011-0558 CVE-2011-0559 CVE-2011-0560 CVE-2011-0561 CVE-2011-0571
CVE-2011-0572 CVE-2011-0573 CVE-2011-0574 CVE-2011-0575 CVE-2011-0577
CVE-2011-0578 CVE-2011-0607 CVE-2011-0608 flash-plugin: multiple code execution
flaws (APSB11-02)

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
flash-plugin-9.0.289.0-2.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
flash-plugin-9.0.289.0-2.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
flash-plugin-9.0.289.0-2.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
flash-plugin-9.0.289.0-2.el4.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#critical
http://kb2.adobe.com/cps/406/kb406791.html
https://access.redhat.com/kb/docs/DOC-1639

8. Contact:

The Red Hat security contact is <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNWtYUXlSAg2UNWIIRAnV4AKC+tA+zJiAwrg7Zn5Cg6hK6sEgbuQCfUNNi
wSiCNZd0QstlfxKS93iSahU=
=rvsA
-----END PGP SIGNATURE-----


-- 
Enterprise-watch-list mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

Idi na vrh