|
|
Subscribe / Log in / New account

Pardus alert 2010-37 (flashplugin)



From:
    	      Eren Turkay <eren@pardus.org.tr> 


To:
    	      pardus-security@pardus.org.tr 


Subject:
    	      [Pardus-security] [PLSA 2010-37] Flashplugin: Multiple
	Vulnerabilities 


Date:
    	      Thu, 25 Feb 2010 06:47:55 +0200 (EET)


Message-ID:
    	      <20100225044755.F4055A7AB4C@lider.pardus.org.tr>



------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-37            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-02-25
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in Flashplugin, which  can  be 
used by malicious people to possibly 1) cause denial of service 2) make 
cross domain requests 


Description
===========

CVE-2010-0186: 

Cross-domain vulnerability in Adobe Flash Player before  10.0.45.2  and 
Adobe AIR before 1.5.3.9130 allows remote attackers to bypass  intended 
sandbox 

restrictions and make cross-domain requests via unspecified vectors. 



CVE-2010-0187: 

Adobe Flash Player before 10.0.45.2 and  Adobe  AIR  before  1.5.3.9130 
allow remote attackers to cause a denial of service (application crash) 
via a 

modified SWF file. 


Affected packages:

  Pardus 2009:
    flashplugin, all before 10.0.45.2-25-6


Resolution
==========

There are update(s) for flashplugin. You can update  them  via  Package 
Manager or with a single command from console: 

    pisi up flashplugin

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=12309
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds