Gentoo Forums
[ GLSA 201001-02 ] Adobe Flash Player: Multiple vulnerabilities
GLSA
Posted: Sun Jan 03, 2010 6:26 pm    Post subject: [ GLSA 201001-02 ] Adobe Flash Player: Multiple vulnerabilit

Gentoo Linux Security Advisory

Title: Adobe Flash Player: Multiple vulnerabilities (GLSA 201001-02)
Severity: normal
Exploitable: remote
Date: January 03, 2010
Bug(s): #296407
ID: 201001-02

Synopsis


Multiple vulnerabilities in Adobe Flash Player might allow remote attackers
to execute arbitrary code or cause a Denial of Service.


Background


The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.


Affected Packages

Package: www-plugins/adobe-flash
Vulnerable: < 10.0.42.34
Unaffected: >= 10.0.42.34
Architectures: All supported architectures


Description


Multiple vulnerabilities have been discovered in Adobe Flash Player:
  • An anonymous researcher working with the Zero Day
    Initiative reported that Adobe Flash Player does not properly process
    JPEG files (CVE-2009-3794).
  • Jim Cheng of EffectiveUI reported
    an unspecified data injection vulnerability (CVE-2009-3796).
  • Bing Liu of Fortinet's FortiGuard Labs reported multiple
    unspecified memory corruption vulnerabilities (CVE-2009-3797,
    CVE-2009-3798).
  • Damian Put reported an integer overflow in the
    Verifier::parseExceptionHandlers() function (CVE-2009-3799).
  • Will Dormann of CERT reported multiple unspecified Denial of
    Service vulnerabilities (CVE-2009-3800).


Impact


A remote attacker could entice a user to open a specially crafted SWF
file, possibly resulting in the remote execution of arbitrary code with
the privileges of the user running the application, or a Denial of
Service via unknown vectors.


Workaround


There is no known workaround at this time.


Resolution


All Adobe Flash Player users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.0.42.34"


References

CVE-2009-3794
CVE-2009-3796
CVE-2009-3797
CVE-2009-3798
CVE-2009-3799
CVE-2009-3800
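The version bounds under Affected Packages can be checked against what is actually installed before and after the upgrade. The following is an added example, not part of the advisory or of Portage: a POSIX shell check that reads package directory names under the Portage installed-package database (/var/db/pkg by default) and compares them with the fixed version 10.0.42.34. The function names are hypothetical, and it assumes purely numeric dotted versions with an optional -rN revision suffix.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.
FIXED="10.0.42.34"   # from the advisory: Unaffected >= 10.0.42.34

# ver_lt A B: succeed if dotted numeric version A is lower than B.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}            # leading components
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        # a missing component counts as 0 (10.1 == 10.1.0.0)
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1                              # equal, so not lower
}

# check_vdb [VDB_ROOT]: print one line per installed adobe-flash version.
# Returns 1 if any version is vulnerable or unparseable, else 0.
check_vdb() {
    root=${1:-/var/db/pkg}
    status=0
    for d in "$root"/www-plugins/adobe-flash-[0-9]*; do
        [ -d "$d" ] || continue           # glob matched nothing
        v=${d##*/adobe-flash-}
        v=${v%-r[0-9]*}                   # drop Gentoo revision (-rN)
        case $v in
            *[!0-9.]*) echo "unknown $v"; status=1; continue ;;
        esac
        if ver_lt "$v" "$FIXED"; then
            echo "VULNERABLE $v (< $FIXED)"; status=1
        else
            echo "unaffected $v (>= $FIXED)"
        fi
    done
    return $status
}

# Run only when invoked as: sh check.sh --check [VDB_ROOT]
if [ "${1:-}" = "--check" ]; then check_vdb "${2:-}"; exit $?; fi
```

A non-zero exit status makes the check usable from cron or a configuration-management run to flag hosts that still need the upgrade.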