VARIoT IoT vulnerabilities database
| VAR-201305-0371 | No CVE | Trend Micro DirectPass local command injection vulnerability |
| CVSS V2: 7.2 | CVSS V3: - | Severity: HIGH |
Trend Micro DirectPass is a password management solution. The master password setup module (InstallWorkspace.exe) contains a security vulnerability. So that users can verify what they typed, the module can reveal the entered password: when the user hovers over the password field, the otherwise masked master password is displayed in a review control. The software is vulnerable to command/path injection when it processes this hidden password, which can cause arbitrary OS commands to be executed in the context of the software. A local attacker can exploit this vulnerability to execute arbitrary commands with high privileges. Successful exploits may compromise the affected application.
| VAR-201305-0274 | CVE-2013-1175 | ** REJECTED ** Cisco ACE Application Control Engine module denial of service (DoS) vulnerability |
| CVSS V2: - | CVSS V3: - | Severity: MEDIUM |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This issue was announced by the vendor and later withdrawn because it was not a vulnerability. Notes: none. The SSL logging daemon in the Cisco ACE Application Control Engine module contains a denial of service (disk exhaustion) vulnerability. The vendor has confirmed this vulnerability and published it as Bug ID CSCug78957. A third party could cause a denial of service (disk exhaustion) by establishing a large number of SSL connections, each of which induces a log entry.
An attacker can exploit this issue to cause denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCug78957.
| VAR-201305-0266 | CVE-2013-1188 | Cisco Unified Communications Manager denial of service (DoS) vulnerability |
| CVSS V2: 5.0 | CVSS V3: - | Severity: MEDIUM |
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515. CUCM therefore contains a denial of service (application slowdown) vulnerability. The vendor has confirmed this vulnerability and published it as Bug ID CSCud39515. A third party could cause a denial of service (application slowdown) through a series of requests.
Attackers can exploit this issue to cause a denial of service condition.
This issue is being tracked by Cisco Bug ID CSCud39515. CUCM provides a scalable, distributed and highly available enterprise IP telephony call processing solution.
| VAR-201305-0117 | CVE-2013-1244 | Cisco WebEx Social portal module cross-site scripting vulnerability |
| CVSS V2: 3.5 | CVSS V3: - | Severity: LOW |
Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199. The portal module of Cisco WebEx Social therefore contains a cross-site scripting vulnerability. Cisco WebEx is a sharing and conferencing application for Microsoft Windows, Linux, and Mac OS X.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This issue is being tracked by the Cisco Bug ID CSCue67199. Cisco WebEx Social is an enterprise collaboration platform from Cisco. The platform provides voice, video and application functions (web conferencing applications, messaging applications, mobile applications) as well as enterprise social software.
| VAR-201305-0118 | CVE-2013-1245 | Cisco WebEx Social user management page access restriction bypass vulnerability |
| CVSS V2: 4.0 | CVSS V3: - | Severity: MEDIUM |
The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190. The vendor has confirmed this vulnerability and published it as Bug ID CSCue67190. Remote authenticated users could bypass access restrictions through crafted requests. Cisco WebEx Social is prone to multiple security-bypass vulnerabilities.
Attackers can exploit these issues to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks.
This issue is being tracked by the Cisco Bug ID CSCue67190. Cisco WebEx Social is an enterprise collaboration platform from Cisco. The platform provides voice, video and application functions (web conferencing applications, messaging applications, mobile applications) as well as enterprise social software.
| VAR-201305-0370 | No CVE | Fujitsu Lifebook A512 multiple unquoted search path local privilege escalation vulnerabilities |
| CVSS V2: 4.6 | CVSS V3: - | Severity: MEDIUM |
The Fujitsu Lifebook A512 is a notebook device. Several programs pre-installed on the Fujitsu Lifebook A512 use unquoted search paths in their UninstallString registry value. An attacker who places a malicious file named "Program.exe" in the system root directory can have it executed with high privileges at system startup. The affected programs include Norton Internet Security, FJ Camera, Management Engine Driver for Intel and OpenCL SDK. Local attackers can exploit the vulnerability to escalate privileges.
| VAR-201305-0292 | CVE-2013-2728 | Adobe Flash Player and Adobe AIR arbitrary code execution vulnerability |
| CVSS V2: 10.0 | CVSS V3: - | Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This vulnerability is distinct from CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. An attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating-system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Application) applications. The vulnerabilities exist in Adobe AIR versions prior to 3.7.0.1860 and Adobe AIR SDK & Compiler versions prior to 3.7.0.1860.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could entice a user to open specially crafted SWF
content, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to bypass access
restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310"
References
==========
[ 1 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 2 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 3 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 4 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 5 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 6 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 7 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 8 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 9 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 10 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 11 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 12 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 13 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 14 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 15 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 16 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 17 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 18 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 19 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 20 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 21 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 22 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 23 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 24 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 25 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 26 ] CVE-2012-5274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274
[ 27 ] CVE-2012-5275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275
[ 28 ] CVE-2012-5276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276
[ 29 ] CVE-2012-5277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277
[ 30 ] CVE-2012-5278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278
[ 31 ] CVE-2012-5279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279
[ 32 ] CVE-2012-5280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280
[ 33 ] CVE-2012-5676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676
[ 34 ] CVE-2012-5677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677
[ 35 ] CVE-2012-5678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678
[ 36 ] CVE-2013-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504
[ 37 ] CVE-2013-0630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630
[ 38 ] CVE-2013-0633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633
[ 39 ] CVE-2013-0634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634
[ 40 ] CVE-2013-0637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637
[ 41 ] CVE-2013-0638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638
[ 42 ] CVE-2013-0639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639
[ 43 ] CVE-2013-0642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642
[ 44 ] CVE-2013-0643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643
[ 45 ] CVE-2013-0644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644
[ 46 ] CVE-2013-0645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645
[ 47 ] CVE-2013-0646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646
[ 48 ] CVE-2013-0647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647
[ 49 ] CVE-2013-0648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648
[ 50 ] CVE-2013-0649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649
[ 51 ] CVE-2013-0650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650
[ 52 ] CVE-2013-1365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365
[ 53 ] CVE-2013-1366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366
[ 54 ] CVE-2013-1367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367
[ 55 ] CVE-2013-1368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368
[ 56 ] CVE-2013-1369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369
[ 57 ] CVE-2013-1370
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370
[ 58 ] CVE-2013-1371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371
[ 59 ] CVE-2013-1372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372
[ 60 ] CVE-2013-1373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373
[ 61 ] CVE-2013-1374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374
[ 62 ] CVE-2013-1375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375
[ 63 ] CVE-2013-1378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378
[ 64 ] CVE-2013-1379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379
[ 65 ] CVE-2013-1380
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380
[ 66 ] CVE-2013-2555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555
[ 67 ] CVE-2013-2728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728
[ 68 ] CVE-2013-3343
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343
[ 69 ] CVE-2013-3344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344
[ 70 ] CVE-2013-3345
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345
[ 71 ] CVE-2013-3347
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347
[ 72 ] CVE-2013-3361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361
[ 73 ] CVE-2013-3362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362
[ 74 ] CVE-2013-3363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363
[ 75 ] CVE-2013-5324
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201305-0208 | CVE-2013-3335 | Adobe Flash Player and Adobe AIR arbitrary code execution vulnerability |
| CVSS V2: 10.0 | CVSS V3: - | Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334. This vulnerability is distinct from CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334. An attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating-system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Application) applications. The vulnerabilities exist in Adobe AIR versions prior to 3.7.0.1860 and Adobe AIR SDK & Compiler versions prior to 3.7.0.1860. The Red Hat advisory RHSA-2013:0825-01 for this issue is reproduced in full under the entry for CVE-2013-2728 above.
| VAR-201305-0207 | CVE-2013-3334 | Adobe Flash Player and Adobe AIR arbitrary code execution vulnerability |
| CVSS V2: 10.0 | CVSS V3: - | Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335. This vulnerability is distinct from CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335. An attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201305-0204 | CVE-2013-3333 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3334, and CVE-2013-3335. This is a different vulnerability from the CVEs listed above. An attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications). Adobe AIR versions prior to 0.1860 and Adobe AIR SDK & Compiler prior to 3.7.0.1860 are affected.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. The vulnerabilities fixed by this update are
detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
| VAR-201305-0200 | CVE-2013-3329 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This is a different vulnerability from the CVEs listed above. An attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications). Adobe AIR versions prior to 0.1860 and Adobe AIR SDK & Compiler prior to 3.7.0.1860 are affected.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. The vulnerabilities fixed by this update are
detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
| VAR-201305-0203 | CVE-2013-3332 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This is a different vulnerability from the CVEs listed above. An attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications). Adobe AIR versions prior to 0.1860 and Adobe AIR SDK & Compiler prior to 3.7.0.1860 are affected.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. The vulnerabilities fixed by this update are
detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
| VAR-201305-0202 | CVE-2013-3331 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This is a different vulnerability from the CVEs listed above. An attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications). Adobe AIR versions prior to 0.1860 and Adobe AIR SDK & Compiler prior to 3.7.0.1860 are affected.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. The vulnerabilities fixed by this update are
detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
| VAR-201305-0201 | CVE-2013-3330 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This is a different vulnerability from the CVEs listed above. An attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications). Adobe AIR versions prior to 0.1860 and Adobe AIR SDK & Compiler prior to 3.7.0.1860 are affected.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. The vulnerabilities fixed by this update are
detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
| VAR-201305-0199 | CVE-2013-3328 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. It is distinct from each of the CVEs listed above; an attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating-system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Application) applications. Affected versions: Adobe AIR prior to 3.7.0.1860 and Adobe AIR SDK & Compiler prior to 3.7.0.1860.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201305-0198 | CVE-2013-3327 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. It is distinct from each of the CVEs listed above; an attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating-system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Application) applications. Affected versions: Adobe AIR prior to 3.7.0.1860 and Adobe AIR SDK & Compiler prior to 3.7.0.1860. The vendor fix is the same Red Hat advisory RHSA-2013:0825-01 (flash-plugin 11.2.202.285, Adobe bulletin APSB13-14) reproduced under CVE-2013-3328 above.
| VAR-201305-0197 | CVE-2013-3326 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. It is distinct from each of the CVEs listed above; an attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating-system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Application) applications. Affected versions: Adobe AIR prior to 3.7.0.1860 and Adobe AIR SDK & Compiler prior to 3.7.0.1860. The vendor fix is the same Red Hat advisory RHSA-2013:0825-01 (flash-plugin 11.2.202.285, Adobe bulletin APSB13-14) reproduced under CVE-2013-3328 above.
| VAR-201305-0196 | CVE-2013-3325 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. It is distinct from each of the CVEs listed above; an attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating-system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Application) applications. Affected versions: Adobe AIR prior to 3.7.0.1860 and Adobe AIR SDK & Compiler prior to 3.7.0.1860. The vendor fix is the same Red Hat advisory RHSA-2013:0825-01 (flash-plugin 11.2.202.285, Adobe bulletin APSB13-14) reproduced under CVE-2013-3328 above.
| VAR-201305-0192 | CVE-2013-3324 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. It is distinct from each of the CVEs listed above; an attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating-system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Application) applications. Affected versions: Adobe AIR prior to 3.7.0.1860 and Adobe AIR SDK & Compiler prior to 3.7.0.1860. The vendor fix is the same Red Hat advisory RHSA-2013:0825-01 (flash-plugin 11.2.202.285, Adobe bulletin APSB13-14) reproduced under CVE-2013-3328 above.
| VAR-201306-0226 | CVE-2013-1862 | Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. Apache HTTP Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input.
Attackers can exploit this issue to execute arbitrary commands in the context of the application.
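As an added example (not httpd's own code), a C routine that applies the mitigation the CVE text implies: every non-printable byte in a request field is escaped before the field is written to a log, so a terminal that later displays the log never receives a raw control sequence. The sample request line is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/*
 * Escape one log field so that no raw terminal control byte reaches the
 * log file.  Printable ASCII (0x20..0x7e) passes through, a backslash is
 * doubled so the escaping stays unambiguous, newline, carriage return and
 * tab become C-style escapes, and every other byte (0x00..0x1f, 0x7f and
 * all high bytes) is written as \xHH.  ESC (0x1b) therefore ends up as the
 * four printable characters "\x1b", which no terminal interprets.
 *
 * Returns the number of bytes written (not counting the terminating NUL)
 * or -1 if `out` is too small.  On success `out` is NUL-terminated.
 */
long escape_logitem(const char *in, size_t inlen, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = (unsigned char)in[i];
        char tmp[4];
        size_t n;

        if (c == '\\') {
            tmp[0] = '\\'; tmp[1] = '\\'; n = 2;
        } else if (c == '\n') {
            tmp[0] = '\\'; tmp[1] = 'n'; n = 2;
        } else if (c == '\r') {
            tmp[0] = '\\'; tmp[1] = 'r'; n = 2;
        } else if (c == '\t') {
            tmp[0] = '\\'; tmp[1] = 't'; n = 2;
        } else if (c >= 0x20 && c < 0x7f) {
            tmp[0] = (char)c; n = 1;
        } else {
            tmp[0] = '\\'; tmp[1] = 'x';
            tmp[2] = hex[c >> 4]; tmp[3] = hex[c & 0x0f]; n = 4;
        }
        if (o + n >= outlen)        /* keep room for the NUL */
            return -1;
        memcpy(out + o, tmp, n);
        o += n;
    }
    out[o] = '\0';
    return (long)o;
}

/* Audit check: does a field contain only printable ASCII?  Run it over
 * existing log lines to find entries written before escaping was applied. */
int log_field_is_safe(const char *s, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c < 0x20 || c >= 0x7f)
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample: a request line carrying ESC [ 2 J (the terminal
     * "clear screen" sequence), the kind of unsanitised byte sequence the
     * CVE text says mod_rewrite wrote straight into its log. */
    const char raw[] = "GET /index.html\x1b[2J HTTP/1.0";
    char safe[128];

    printf("raw field safe to display? %s\n",
           log_field_is_safe(raw, sizeof raw - 1) ? "yes" : "no");
    if (escape_logitem(raw, sizeof raw - 1, safe, sizeof safe) < 0) {
        fputs("output buffer too small\n", stderr);
        return 1;
    }
    printf("escaped: %s\n", safe);
    printf("escaped field safe to display? %s\n",
           log_field_is_safe(safe, strlen(safe)) ? "yes" : "no");
    return 0;
}
```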
Release Date: 2013-09-18
Last Updated: 2013-09-18
Potential Security Impact: Remote execution of arbitrary code and Denial of
Service (DoS).
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX Apache Web
Server. These vulnerabilities could be exploited remotely to execute
arbitrary code or create a Denial of Service (DoS).
References: CVE-2013-1862, CVE-2013-1896 (SSRT101288)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.27 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                     Base Score
CVE-2013-1862   (AV:N/AC:H/Au:N/C:P/I:P/A:P)    5.1
CVE-2013-1896   (AV:N/AC:M/Au:N/C:N/I:N/A:P)    4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the
vulnerabilities.
The updates are available for download from http://software.hp.com
HP-UX Web Server Suite v3.28 containing Apache v2.2.15.16
HP-UX 11i Release    Apache Depot name
B.11.23 (32-bit)     HPUXWS22ATW-B328-11-23-32.depot
B.11.23 (64-bit)     HPUXWS22ATW-B328-11-23-64.depot
B.11.31 (32-bit)     HPUXWS22ATW-B328-11-31-32.depot
B.11.31 (64-bit)     HPUXWS22ATW-B328-11-31-64.depot
MANUAL ACTIONS: Yes - Update
Install HP-UX Web Server Suite v3.28 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23
==============
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2
hpuxws22APCH32.AUTH_LDAP
hpuxws22APCH32.AUTH_LDAP2
hpuxws22APCH32.MOD_JK
hpuxws22APCH32.MOD_JK2
hpuxws22APCH32.MOD_PERL
hpuxws22APCH32.MOD_PERL2
hpuxws22APCH32.PHP
hpuxws22APCH32.PHP2
hpuxws22APCH32.WEBPROXY
hpuxws22APCH32.WEBPROXY2
hpuxws22APACHE.APACHE
hpuxws22APACHE.APACHE2
hpuxws22APACHE.AUTH_LDAP
hpuxws22APACHE.AUTH_LDAP2
hpuxws22APACHE.MOD_JK
hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
hpuxws22APACHE.WEBPROXY
hpuxws22APACHE.WEBPROXY2
action: install revision B.2.2.15.16 or subsequent
HP-UX B.11.31
==================
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2
hpuxws22APCH32.AUTH_LDAP
hpuxws22APCH32.AUTH_LDAP2
hpuxws22APCH32.MOD_JK
hpuxws22APCH32.MOD_JK2
hpuxws22APCH32.MOD_PERL
hpuxws22APCH32.MOD_PERL2
hpuxws22APCH32.PHP
hpuxws22APCH32.PHP2
hpuxws22APCH32.WEBPROXY
hpuxws22APCH32.WEBPROXY2
hpuxws22APACHE.APACHE
hpuxws22APACHE.APACHE2
hpuxws22APACHE.AUTH_LDAP
hpuxws22APACHE.AUTH_LDAP2
hpuxws22APACHE.MOD_JK
hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
hpuxws22APACHE.WEBPROXY
hpuxws22APACHE.WEBPROXY2
action: install revision B.2.2.15.16 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 18 September 2013 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.
This release serves as a replacement for Red Hat JBoss Enterprise
Application Platform 6.1.0, and includes bug fixes and enhancements. Refer
to the 6.1.1 Release Notes for information on the most significant of these
changes, available shortly from
https://access.redhat.com/site/documentation/
Security fixes:
Cross-site scripting (XSS) flaws were found in the mod_info, mod_status,
mod_imagemap, mod_ldap, and mod_proxy_ftp modules. (CVE-2012-4558)
A flaw was found in the way the mod_dav module handled merge requests. An
attacker could use this flaw to send a crafted merge request that contains
URIs that are not configured for DAV, causing the httpd child process to
crash. (CVE-2013-1896)
A flaw was found in the way Apache Santuario XML Security for Java
validated XML signatures. Santuario allowed a signature to specify an
arbitrary canonicalization algorithm, which would be applied to the
SignedInfo XML fragment. A remote attacker could exploit this to spoof an
XML signature via a specially-crafted XML signature block. (CVE-2013-1862)
The data file used by PicketBox Vault to store encrypted passwords contains
a copy of its own admin key. The file is encrypted using only this admin
key, not the corresponding JKS key. A local attacker with permission to
read the vault data file could read the admin key from the file, and use it
to decrypt the file and read the stored passwords in clear text.
(CVE-2013-1921)
A flaw was found in JGroup's DiagnosticsHandler that allowed an attacker on
an adjacent network to reuse the credentials from a previous successful
authentication. This could be exploited to read diagnostic information
(information disclosure) and attain limited remote code execution.
Refer to the Solution section for further details. The
JBoss server process must be restarted for the update to take effect. On
update, the configuration files that have been locally modified will not be
updated. The updated version of such files will be stored as the rpmnew
files. Make sure to locate any such files after the update and merge any
changes manually.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: httpd security update
Advisory ID: RHSA-2013:0815-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0815.html
Issue date: 2013-05-13
CVE Names: CVE-2012-3499 CVE-2012-4558 CVE-2013-1862
=====================================================================
1. Summary:
Updated httpd packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
3. Description:
The Apache HTTP Server is a popular web server.
Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer
module's manager web interface. If a remote attacker could trick a user,
who was logged into the manager web interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's manager interface session. (CVE-2012-4558)
It was found that mod_rewrite did not filter terminal escape sequences from
its log file. (CVE-2013-1862)
Cross-site scripting (XSS) flaws were found in the mod_info, mod_status,
mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could
possibly use these flaws to perform XSS attacks if they were able to make
the victim's browser generate an HTTP request with a specially-crafted Host
header. (CVE-2012-3499)
All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon will be restarted automatically.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
915883 - CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames
915884 - CVE-2012-4558 httpd: XSS flaw in mod_proxy_balancer manager interface
953729 - CVE-2013-1862 httpd: mod_rewrite allows terminal escape sequences to be written to the log file
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm
i386:
httpd-2.2.3-78.el5_9.i386.rpm
httpd-debuginfo-2.2.3-78.el5_9.i386.rpm
mod_ssl-2.2.3-78.el5_9.i386.rpm
x86_64:
httpd-2.2.3-78.el5_9.x86_64.rpm
httpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm
mod_ssl-2.2.3-78.el5_9.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm
i386:
httpd-debuginfo-2.2.3-78.el5_9.i386.rpm
httpd-devel-2.2.3-78.el5_9.i386.rpm
httpd-manual-2.2.3-78.el5_9.i386.rpm
x86_64:
httpd-debuginfo-2.2.3-78.el5_9.i386.rpm
httpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm
httpd-devel-2.2.3-78.el5_9.i386.rpm
httpd-devel-2.2.3-78.el5_9.x86_64.rpm
httpd-manual-2.2.3-78.el5_9.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm
i386:
httpd-2.2.3-78.el5_9.i386.rpm
httpd-debuginfo-2.2.3-78.el5_9.i386.rpm
httpd-devel-2.2.3-78.el5_9.i386.rpm
httpd-manual-2.2.3-78.el5_9.i386.rpm
mod_ssl-2.2.3-78.el5_9.i386.rpm
ia64:
httpd-2.2.3-78.el5_9.ia64.rpm
httpd-debuginfo-2.2.3-78.el5_9.ia64.rpm
httpd-devel-2.2.3-78.el5_9.ia64.rpm
httpd-manual-2.2.3-78.el5_9.ia64.rpm
mod_ssl-2.2.3-78.el5_9.ia64.rpm
ppc:
httpd-2.2.3-78.el5_9.ppc.rpm
httpd-debuginfo-2.2.3-78.el5_9.ppc.rpm
httpd-debuginfo-2.2.3-78.el5_9.ppc64.rpm
httpd-devel-2.2.3-78.el5_9.ppc.rpm
httpd-devel-2.2.3-78.el5_9.ppc64.rpm
httpd-manual-2.2.3-78.el5_9.ppc.rpm
mod_ssl-2.2.3-78.el5_9.ppc.rpm
s390x:
httpd-2.2.3-78.el5_9.s390x.rpm
httpd-debuginfo-2.2.3-78.el5_9.s390.rpm
httpd-debuginfo-2.2.3-78.el5_9.s390x.rpm
httpd-devel-2.2.3-78.el5_9.s390.rpm
httpd-devel-2.2.3-78.el5_9.s390x.rpm
httpd-manual-2.2.3-78.el5_9.s390x.rpm
mod_ssl-2.2.3-78.el5_9.s390x.rpm
x86_64:
httpd-2.2.3-78.el5_9.x86_64.rpm
httpd-debuginfo-2.2.3-78.el5_9.i386.rpm
httpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm
httpd-devel-2.2.3-78.el5_9.i386.rpm
httpd-devel-2.2.3-78.el5_9.x86_64.rpm
httpd-manual-2.2.3-78.el5_9.x86_64.rpm
mod_ssl-2.2.3-78.el5_9.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm
i386:
httpd-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-tools-2.2.15-28.el6_4.i686.rpm
x86_64:
httpd-2.2.15-28.el6_4.x86_64.rpm
httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm
httpd-tools-2.2.15-28.el6_4.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm
i386:
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
mod_ssl-2.2.15-28.el6_4.i686.rpm
noarch:
httpd-manual-2.2.15-28.el6_4.noarch.rpm
x86_64:
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.x86_64.rpm
mod_ssl-2.2.15-28.el6_4.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm
x86_64:
httpd-2.2.15-28.el6_4.x86_64.rpm
httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm
httpd-tools-2.2.15-28.el6_4.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm
noarch:
httpd-manual-2.2.15-28.el6_4.noarch.rpm
x86_64:
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.x86_64.rpm
mod_ssl-2.2.15-28.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm
i386:
httpd-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
httpd-tools-2.2.15-28.el6_4.i686.rpm
mod_ssl-2.2.15-28.el6_4.i686.rpm
noarch:
httpd-manual-2.2.15-28.el6_4.noarch.rpm
ppc64:
httpd-2.2.15-28.el6_4.ppc64.rpm
httpd-debuginfo-2.2.15-28.el6_4.ppc.rpm
httpd-debuginfo-2.2.15-28.el6_4.ppc64.rpm
httpd-devel-2.2.15-28.el6_4.ppc.rpm
httpd-devel-2.2.15-28.el6_4.ppc64.rpm
httpd-tools-2.2.15-28.el6_4.ppc64.rpm
mod_ssl-2.2.15-28.el6_4.ppc64.rpm
s390x:
httpd-2.2.15-28.el6_4.s390x.rpm
httpd-debuginfo-2.2.15-28.el6_4.s390.rpm
httpd-debuginfo-2.2.15-28.el6_4.s390x.rpm
httpd-devel-2.2.15-28.el6_4.s390.rpm
httpd-devel-2.2.15-28.el6_4.s390x.rpm
httpd-tools-2.2.15-28.el6_4.s390x.rpm
mod_ssl-2.2.15-28.el6_4.s390x.rpm
x86_64:
httpd-2.2.15-28.el6_4.x86_64.rpm
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.x86_64.rpm
httpd-tools-2.2.15-28.el6_4.x86_64.rpm
mod_ssl-2.2.15-28.el6_4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm
i386:
httpd-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
httpd-tools-2.2.15-28.el6_4.i686.rpm
mod_ssl-2.2.15-28.el6_4.i686.rpm
noarch:
httpd-manual-2.2.15-28.el6_4.noarch.rpm
x86_64:
httpd-2.2.15-28.el6_4.x86_64.rpm
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.x86_64.rpm
httpd-tools-2.2.15-28.el6_4.x86_64.rpm
mod_ssl-2.2.15-28.el6_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-3499.html
https://www.redhat.com/security/data/cve/CVE-2012-4558.html
https://www.redhat.com/security/data/cve/CVE-2013-1862.html
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRkStkXlSAg2UNWIIRAjqUAKC32RL1vwpATVk/Br3oSVd4O798twCglqcU
SUNZGJOLZsJPZ1ahPENC8lg=
=9n3X
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
==========================================================================
Ubuntu Security Notice USN-1903-1
July 15, 2013
apache2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the Apache HTTP Server. (CVE-2013-1896)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
apache2.2-common 2.2.22-6ubuntu5.1
Ubuntu 12.10:
apache2.2-common 2.2.22-6ubuntu2.3
Ubuntu 12.04 LTS:
apache2.2-common 2.2.22-1ubuntu1.4
Ubuntu 10.04 LTS:
apache2.2-common 2.2.14-5ubuntu8.12
In general, a standard system update will make all the necessary changes.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities
EMC Identifier: ESA-2015-043
CVE Identifier: CVE-2014-3566, CVE-2014-0098, CVE-2014-0231, CVE-2014-0226, CVE-2013-1862, CVE-2012-3499, CVE-2015-0526, CVE-2013-2566
Severity Rating: CVSSv2 Base Score: See below for details
Affected Products:
RSA Validation Manager 3.2 prior to Build 201
Unaffected Products:
RSA Validation Manager 3.2 Build 201 or above
Summary:
RSA Validation Manager (RVM) requires a security update to address potential multiple vulnerabilities.
Details:
RSA Validation Manager (RVM) contains security fixes to address the following vulnerabilities:
CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 for more details.
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2014-0098: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098 for more details.
See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231
CVSSv2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2014-0226: Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226 for more details.
See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1862 for more details.
See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3499 for more details.
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE-2013-2566: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 for more details.
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Reflected Cross-Site Scripting Vulnerability (CVE-2015-0526): A cross-site scripting vulnerability affecting the displayMode and wrapPreDisplayMode parameter could potentially be exploited by an attacker to execute arbitrary HTML and script code in RVM user's browser session.
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database's search utility at http://web.nvd.nist.gov/view/vuln/search.
Recommendation:
The following RVM release contains the resolution to these issues:
RSA Validation Manager 3.2 Build 201 or later
RSA recommends all customers upgrade to the version mentioned above at the earliest opportunity.
Credit:
RSA would like to thank Ken Cijsouw (ken.cijsouw@sincerus.nl) for reporting CVE-2015-0526.
Obtaining Downloads:
To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link.
Obtaining Documentation:
To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
Obtaining More Information:
For more information about RSA products, visit the RSA web site at http://www.rsa.com.
Getting Support and Service:
For customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.
General Customer Support Information:
http://www.emc.com/support/rsa/index.htm
RSA SecurCare Online:
https://knowledge.rsasecurity.com
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions.
http://www.emc.com/support/rsa/eops/index.htm
SecurCare Online Security Advisories
RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
About RSA SecurCare Notes & Security Advisories Subscription
RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you'd like to stop receiving RSA SecurCare Notes & Security Advisories, or if you'd like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection.
Please review the CVE identifiers and research paper referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Apache HTTP Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.25"
References
==========
[ 1 ] CVE-2007-6750
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6750
[ 2 ] CVE-2012-4929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4929
[ 3 ] CVE-2013-1862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1862
[ 4 ] CVE-2013-1896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1896
[ 5 ] Compression and Information Leakage of Plaintext
http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-12.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5