[securityzone@macromedia.com: Macromedia Security Bulletins]

noreply_at_securityfocus.com
Date: 11/16/05

  • Next message: Andrei Mikhailovsky: "Authentication vulnerability in Belkin wireless devices"
    Date: Tue, 15 Nov 2005 16:47:03 -0700
    To: bugtraq@securityfocus.com
    
    

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Macromedia Security Bulletins:

    - Contribute Publishing Server
    - Flash Communication Server
    - Breeze Communication Server and Breeze Live Server
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    MPSB05-08 Contribute Publishing Server Password Encryption

    Summary:

    Macromedia Contribute Publishing Server (CPS) 1.11 includes
    a security update that addresses an issue related to user
    password encryption in connection keys that use shared FTP
    login credentials.

    Solution:

    Macromedia CPS customers should upgrade their licensed
    software to Macromedia CPS 1.11, which includes the product
    fix to this issue.

    Learn more:
    http://www.macromedia.com/go/mpsb05-08

    Contribute Publishing Server Support Center:
    http://www.macromedia.com/support/cps/downloads.html
     
    ~~~~~~~

    MPSB05-09 Security Patch for Insufficient Validation
    in Flash Communication Server

    Summary:

    Macromedia Flash Communication Server MX does not
    sufficiently validate some RTMP data. This can cause
    server instability or crashes.

    Solution:

    Macromedia has released an update patch that can be
    downloaded and installed on the server.

    Learn more:
    http://www.macromedia.com/go/mpsb05-09

    Flash Media Server Support Center:
    http://www.macromedia.com/go/fcs_updater

    ~~~~~~~

    MPSB05-10 Security Patch for Insufficient Validation
    in Breeze Communication Server and Breeze Live Server
     
    Summary:

    The Breeze Communication Server and Breeze Live Server
    do not sufficiently validate some RTMP data. This can
    cause server instability or crashes for licensed customers.

    Solution:

    Macromedia has released an update patch that can be
    downloaded and installed on the server.

    Learn more:
    http://www.macromedia.com/go/mpsb05-10

    Breeze Support Center:
    http://www.macromedia.com/go/breeze_licensed

    ~~~~~~~

    Receiving Security Bulletins:

    When Macromedia becomes aware of a security issue that we
    believe significantly affects our products or customers,
    we will notify customers when appropriate. Typically this
    notification will be in the form of a security bulletin
    explaining the issue and the response. Macromedia customers
    who would like to receive notification of new security
    bulletins when they are released can sign up for our
    security notification service.

    For additional information on security issues at Macromedia,
    please visit:
    www.macromedia.com/resources/security

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ANY INFORMATION, PATCHES, DOWNLOADS, WORKAROUNDS OR FIXES
    PROVIDED BY MACROMEDIA IN THIS BULLETIN ARE PROVIDED "AS IS"
    WITHOUT WARRANTY OF ANY KIND. MACROMEDIA AND ITS SUPPLIERS
    DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR
    OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND
    FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO WARRANTY
    OF NON-INFRINGEMENT, TITLE OR QUIET ENJOYMENT. (USA ONLY)
    SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES,
    SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU.

    IN NO EVENT SHALL MACROMEDIA, INC. OR ITS SUPPLIERS BE
    LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT
    LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
    SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS
    INTERRUPTION OR THE LIKE, OR LOSS OF BUSINESS DAMAGES,
    BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF
    CONTRACT, BREACH OF WARRANTY, TORT(INCLUDING NEGLIGENCE),
    PRODUCT LIABILITY OR OTHERWISE, EVEN IF MACROMEDIA, INC.
    OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN
    ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY)
    SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF
    LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE
    ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU AND
    YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE
    TO STATE.
      
    Macromedia reserves the right, from time to time, to update
    the information in this document with current information.
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Macromedia Support, Privacy, and Unsubscribe Information
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Macromedia Support:
    http://www.macromedia.com/support/

    Macromedia and your privacy:
    http://www.macromedia.com/help/privacy.html

    Contact Macromedia:
    Thank you for your continued interest in Macromedia products.
    If you'd rather not receive updates about events, classes, or
    products, write to newsflash@hvm.macromedia.com and type
    "no thanks" in the Subject line. You may also change your
    communication preferences by visiting this web page:

    Macromedia, 601 Townsend St., San Francisco, California 94103


  • Next message: Andrei Mikhailovsky: "Authentication vulnerability in Belkin wireless devices"

    Relevant Pages

    • Multiple Vendor SOAP server array DoS
      ... Macromedia ColdFusion/MX 6.0 and 6.1 ... (formerly Sun ONE Application Server) ... Releases prior to Sun Java System Application Server 7.0 are ... and probably other SOAP servers ...
      (Bugtraq)
    • Re: Contribute vs CMS
      ... I'd say, start with server specifications. ... it needs an application server (Macromedia ... compare the costs and labor requirements of operating the server. ...
      (comp.lang.php)
    • Re: Options for real-time plotting of server-side data?
      ... > generating swf files at the server (using the Macromedia provided chart ... > Macromedia at the server. ... You don't need anything rom Macromedia to generate SWF files. ...
      (comp.infosystems.www.authoring.html)
    • security-basics Digest of: get.123_145
      ... VPN to ASP a security risk? ... Re: Multiple IPSec tunnels? ... Subject: Security NT Server ... VPN to ASP a security risk? ...
      (Security-Basics)
    • Re: << SBS News of the week - Sept 26 >>
      ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
      (microsoft.public.backoffice.smallbiz2000)