| ||||||||||||||||
MeeGo alert MeeGo-SA-10:10 (flash-plugin)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== == MeeGo-SA-10:10.adobe Security Advisory MeeGo Project Topic: Multiple Vulnerabilities In Adobe Flash Category: Adobe Module: flash-plugin Announced: July 7, 2010 Affects: MeeGo 1.0 Corrected: July 7, 2010 MeeGo BID: 3678 CVE: CVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2189 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://www.MeeGo.com/>. I. Background - From Wikipedia: "The Linux kernel is an operating system kernel used by the Linux family of Unix-like operating systems. It is one of the most prominent examples of free and open source software." II. Problem Description This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1297). This update resolves a memory exhaustion vulnerability that could lead to code execution (CVE-2009-3793). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2160). This update resolves an indexing vulnerability that could lead to code execution (CVE-2010-2161). This update resolves a heap corruption vulnerability that could lead to code execution (CVE-2010-2162). This update resolves multiple vulnerabilities that could lead to code execution (CVE-2010-2163). This update resolves a use after free vulnerability that could lead to code execution (CVE-2010-2164). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2165). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2166). This update resolves multiple heap overflow vulnerabilities that could lead to code execution (CVE-2010-2167). This update resolves a pointer memory corruption that could lead to code execution (CVE-2010-2169). This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2010-2170). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2171). This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2173). This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2174). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2175). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2176). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2177). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2178). This update resolves a URL parsing vulnerability that could lead to cross-site scripting (Firefox and Chrome browsers only) (CVE-2010-2179). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2180). This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2010-2181). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2182). This update resolves a integer overflow vulnerability that could lead to code execution (CVE-2010-2183). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2184). This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-2185). This update resolves a denial of service vulnerability that can cause the application to crash. Arbitrary code execution has not been demonstrated, but may be possible. (CVE-2010-2186). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2187). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2189). This update resolves a denial of service issue (CVE-2008-4546). III. Impact Various methods of creating memory corruption, buffer overflows, denial of service and arbitrary code execution. IV. Workaround None V. Solution Update to package meego-netbook-repo-1.0-11.1 and flash-plugin-10.1.53.64-release or later. VI. References http://bugs.meego.com/show_bug.cgi?id=3678 http://www.adobe.com/support/security/bulletins/apsb10-14... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) iQEcBAEBAgAGBQJMNOXcAAoJECxjfBlj7RcKhrgIAKuZD9r6k0NRY25IfTT4JfUf WCGdjz8NCBQguOVEOqFOGe8pySuqmxPPy1HUpFnKn/SBVQU2UoeQfJJAJ15XowUX 9kWNlrXyej+lR/f5RhTGvm7wS4ojFoJwnhNOdNh3GLFo5u8UB09dMNDX/qTX+O1m OpYZCp6i/Ni3TdE4etGxAqoXzOflrJ++mNIi7rgcbEvSOGjgggW5WatdYorolTSL 0NtFBzN0o4/Vyn7OHAEXENQkDrKXI5O4DXW8FkQjn2uCtZiaRGfHjjxDAYtC00FX HHZ4K/eT8AfM8I2Zw30UeMnSSWDF78PmhAMih63Ls57fDJyp32yEl01G7I0nZ3I= =8hxl -----END PGP SIGNATURE----- _______________________________________________ MeeGo-security mailing list MeeGo-security@meego.com http://lists.meego.com/listinfo/meego-security (Log in to post comments)
|
||||||||||||||||