| |||||||||||||||||||
Pardus alert 2010-37 (flashplugin)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2010-37 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2010-02-25 Severity: 3 Type: Remote ------------------------------------------------------------------------ Summary ======= Multiple vulnerabilities have been fixed in Flashplugin, which can be used by malicious people to possibly 1) cause denial of service 2) make cross domain requests Description =========== CVE-2010-0186: Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. CVE-2010-0187: Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file. Affected packages: Pardus 2009: flashplugin, all before 10.0.45.2-25-6 Resolution ========== There are update(s) for flashplugin. You can update them via Package Manager or with a single command from console: pisi up flashplugin References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=12309 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 ------------------------------------------------------------------------ _______________________________________________ Pardus-security mailing list Pardus-security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||