[Full-Disclosure] GLSA: netscape-flash (200303-9)

From: Daniel Ahlberg (aliz@gentoo.org)
Date: 03/09/03

  • Next message: aeonflux: "Re: [Full-Disclosure] SSH/OPENSSH HOLE ALL VERSIONS." 
    From: Daniel Ahlberg <aliz@gentoo.org>
To: full-disclosure@lists.netsys.com
Date: Sun, 9 Mar 2003 02:56:33 +0100

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - - ---------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT 200303-9
    - - ---------------------------------------------------------------------

              PACKAGE : netscape-flash
              SUMMARY : buffer overflow
                 DATE : 2003-03-09 01:56 UTC
              EXPLOIT : remote
    VERSIONS AFFECTED : <6.0.79
        FIXED VERSION : =>6.0.79
                  CVE :

    - - ---------------------------------------------------------------------

    - From advisory:
    "The cumulative security patch is available today and addresses the
    potential for exploits surrounding buffer overflows (read/write) and
    sandbox integrity within the player, which might allow malicious users
    to gain access to a user's computer. The possibility of running native
    code on a users machine is a theoretical exploit, and extremely
    difficult to execute in practice. There are no known examples of
    running such native code from Macromedia Flash movies; however, even
    though this issue is difficult and theoretical in nature only, we
    are encouraging users to upgrade."

    Read the full advisory at:
    http://www.macromedia.com/v1/handlers/index.cfm?ID=23821

    SOLUTION

    It is recommended that all Gentoo Linux users who are running
    net-www/netscape-flash upgrade to netscape-flash-6.0.79 as follows:

    emerge sync
    emerge netscape-flash
    emerge clean

    - - ---------------------------------------------------------------------
    aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
    - - ---------------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iD8DBQE+ap9HfT7nyhUpoZMRAlRuAJ4oOZYqilO1mRTGJW70KA1JI20CuQCggBp3
    UGP5R8pxURyGTPEVsbstJMI=
    =dyfL
    -----END PGP SIGNATURE-----
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: aeonflux: "Re: [Full-Disclosure] SSH/OPENSSH HOLE ALL VERSIONS."

    Relevant Pages

    • [Full-Disclosure] GLSA: man (200303-13)
      ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge sync ...
      (Full-Disclosure)
    • GLSA: evolution (200303-18)
      ... GENTOO LINUX SECURITY ANNOUNCEMENT 200303-18 ... "Three vulnerabilities were found that could lead to various forms of ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ...
      (Bugtraq)
    • [Full-Disclosure] GLSA: evolution (200303-18)
      ... GENTOO LINUX SECURITY ANNOUNCEMENT 200303-18 ... "Three vulnerabilities were found that could lead to various forms of ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ...
      (Full-Disclosure)
    • GLSA: apache (200310-04)
      ... GENTOO LINUX SECURITY ANNOUNCEMENT 200310-04 ... available and encourage users of all prior versions to upgrade. ... It is recommended that all Gentoo Linux users who are running ... emerge '>=net-www/apache-2.0.48' ...
      (Bugtraq)
    • GLSA: man (200303-13)
      ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge sync ...
      (Bugtraq)
    • Quantcast