VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201108-0184 CVE-2011-2415 Adobe Flash Player and Adobe AIR Vulnerable to buffer overflow CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414. Adobe Flash Player and Adobe AIR Contains a buffer overflow vulnerability. This vulnerability CVE-2011-2130 , CVE-2011-2134 , CVE-2011-2137 ,and CVE-2011-2414 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: flash-player Announcement ID: SUSE-SA:2011:033 Date: Wed, 10 Aug 2011 14:00:00 +0000 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 Vulnerability Type: remote code execution CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) SUSE Default Package: yes Cross-References: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135 CVE-2011-2136, CVE-2011-2137, CVE-2011-2138 CVE-2011-2139, CVE-2011-2140, CVE-2011-2414 CVE-2011-2415, CVE-2011-2416, CVE-2011-2417 CVE-2011-2425 Content of This Advisory: 1) Security Vulnerability Resolved: remote code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows: - CVE-2011-2130: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2134: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2135: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2136: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2137: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2138: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2139: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2140: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2414: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2415: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2416: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2417: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2425: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user. For more details see: http://www.adobe.com/support/security/bulletins/apsb11-21.html 2) Solution or Work-Around none 3) Special Instructions and Notes Pleease restart your browser. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=7c71e4aec6afd72e6b40f8cf2817e900 SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=377e091a105e9d540a2a90f09cff0a10 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45583 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45583/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 RELEASE DATE: 2011-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/45583/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45583/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. 7) An unspecified error can be exploited to disclose certain information from another domain. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor The vendor credits: 2) Yang Dingning, NCNIPC, Graduate University of Chinese Academy of Sciences 3) Wushi, Team 509 via iDefense Labs 4, 11) Vitaliy Toropov via iDefense Labs 5) Alexander Zaitsev, Positive Technologies 6, 8) An anonymous person via ZDI 7) Brandon Hardy 9) Bo Qu, Palo Alto Networks 10) Bo Qu, Palo Alto Networks and Honggang Ren, FortiGuard Labs 12) Marc Schoenefeld (Dr. rer. nat.), Red Hat Security Response Team 13) Honggang Ren, FortiGuard Labs ORIGINAL ADVISORY: Adobe (APSB11-21): http://www.adobe.com/support/security/bulletins/apsb11-21.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2011:1434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1434.html Issue date: 2011-11-08 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2424 CVE-2011-2425 CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2431 CVE-2011-2432 CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442 CVE-2011-2444 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2130.html https://www.redhat.com/security/data/cve/CVE-2011-2134.html https://www.redhat.com/security/data/cve/CVE-2011-2135.html https://www.redhat.com/security/data/cve/CVE-2011-2136.html https://www.redhat.com/security/data/cve/CVE-2011-2137.html https://www.redhat.com/security/data/cve/CVE-2011-2138.html https://www.redhat.com/security/data/cve/CVE-2011-2139.html https://www.redhat.com/security/data/cve/CVE-2011-2140.html https://www.redhat.com/security/data/cve/CVE-2011-2414.html https://www.redhat.com/security/data/cve/CVE-2011-2415.html https://www.redhat.com/security/data/cve/CVE-2011-2416.html https://www.redhat.com/security/data/cve/CVE-2011-2417.html https://www.redhat.com/security/data/cve/CVE-2011-2424.html https://www.redhat.com/security/data/cve/CVE-2011-2425.html https://www.redhat.com/security/data/cve/CVE-2011-2426.html https://www.redhat.com/security/data/cve/CVE-2011-2427.html https://www.redhat.com/security/data/cve/CVE-2011-2428.html https://www.redhat.com/security/data/cve/CVE-2011-2429.html https://www.redhat.com/security/data/cve/CVE-2011-2430.html https://www.redhat.com/security/data/cve/CVE-2011-2431.html https://www.redhat.com/security/data/cve/CVE-2011-2432.html https://www.redhat.com/security/data/cve/CVE-2011-2433.html https://www.redhat.com/security/data/cve/CVE-2011-2434.html https://www.redhat.com/security/data/cve/CVE-2011-2435.html https://www.redhat.com/security/data/cve/CVE-2011-2436.html https://www.redhat.com/security/data/cve/CVE-2011-2437.html https://www.redhat.com/security/data/cve/CVE-2011-2438.html https://www.redhat.com/security/data/cve/CVE-2011-2439.html https://www.redhat.com/security/data/cve/CVE-2011-2440.html https://www.redhat.com/security/data/cve/CVE-2011-2442.html https://www.redhat.com/security/data/cve/CVE-2011-2444.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-24.html http://www.adobe.com/support/security/bulletins/apsb11-26.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuRkFXlSAg2UNWIIRAqaIAJoC3LKpTEj6IsfoUq9JqGuHAKt3bACfcz3q 0+KSTL2IByBwtP8+xfPmUNE= =qFq6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201108-0185 CVE-2011-2416 Adobe Flash Player and Adobe AIR Integer overflow vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138. Adobe Flash Player and Adobe AIR Contains an integer overflow vulnerability. This vulnerability CVE-2011-2136 and CVE-2011-2138 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: flash-player Announcement ID: SUSE-SA:2011:033 Date: Wed, 10 Aug 2011 14:00:00 +0000 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 Vulnerability Type: remote code execution CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) SUSE Default Package: yes Cross-References: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135 CVE-2011-2136, CVE-2011-2137, CVE-2011-2138 CVE-2011-2139, CVE-2011-2140, CVE-2011-2414 CVE-2011-2415, CVE-2011-2416, CVE-2011-2417 CVE-2011-2425 Content of This Advisory: 1) Security Vulnerability Resolved: remote code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows: - CVE-2011-2130: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2134: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2135: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2136: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2137: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2138: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2139: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2140: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2414: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2415: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2416: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2417: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2425: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user. For more details see: http://www.adobe.com/support/security/bulletins/apsb11-21.html 2) Solution or Work-Around none 3) Special Instructions and Notes Pleease restart your browser. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=7c71e4aec6afd72e6b40f8cf2817e900 SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=377e091a105e9d540a2a90f09cff0a10 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45583 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45583/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 RELEASE DATE: 2011-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/45583/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45583/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. 7) An unspecified error can be exploited to disclose certain information from another domain. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor The vendor credits: 2) Yang Dingning, NCNIPC, Graduate University of Chinese Academy of Sciences 3) Wushi, Team 509 via iDefense Labs 4, 11) Vitaliy Toropov via iDefense Labs 5) Alexander Zaitsev, Positive Technologies 6, 8) An anonymous person via ZDI 7) Brandon Hardy 9) Bo Qu, Palo Alto Networks 10) Bo Qu, Palo Alto Networks and Honggang Ren, FortiGuard Labs 12) Marc Schoenefeld (Dr. rer. nat.), Red Hat Security Response Team 13) Honggang Ren, FortiGuard Labs ORIGINAL ADVISORY: Adobe (APSB11-21): http://www.adobe.com/support/security/bulletins/apsb11-21.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. iDefense Security Advisory 08.09.11 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 09, 2011 I. For more information, please visit following website: http://www.adobe.com/products/flashplayer/ II. During the allocation of an array within a certain internal ActionScript function, a size calculation may cause an integer value to overflow. This condition may lead to the bounds of an undersized array being overflown during a memory copy operation. III. An attacker typically accomplishes this via social engineering or injecting content into a compromised, trusted site. IV. VENDOR RESPONSE Adobe has released a fix which addresses this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown. http://www.adobe.com/support/security/bulletins/apsb11-21.html VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2011-2416 and CVE-2011-2136 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 04/27/2011 Initial Vendor Notification 04/27/2011 Vendor Reply 08/09/2011 Coordinated Public Disclosure IX. CREDIT This vulnerability was reported to iDefense by Vitaliy Toropov. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright © 2011 Verisign Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2011:1434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1434.html Issue date: 2011-11-08 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2424 CVE-2011-2425 CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2431 CVE-2011-2432 CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442 CVE-2011-2444 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2130.html https://www.redhat.com/security/data/cve/CVE-2011-2134.html https://www.redhat.com/security/data/cve/CVE-2011-2135.html https://www.redhat.com/security/data/cve/CVE-2011-2136.html https://www.redhat.com/security/data/cve/CVE-2011-2137.html https://www.redhat.com/security/data/cve/CVE-2011-2138.html https://www.redhat.com/security/data/cve/CVE-2011-2139.html https://www.redhat.com/security/data/cve/CVE-2011-2140.html https://www.redhat.com/security/data/cve/CVE-2011-2414.html https://www.redhat.com/security/data/cve/CVE-2011-2415.html https://www.redhat.com/security/data/cve/CVE-2011-2416.html https://www.redhat.com/security/data/cve/CVE-2011-2417.html https://www.redhat.com/security/data/cve/CVE-2011-2424.html https://www.redhat.com/security/data/cve/CVE-2011-2425.html https://www.redhat.com/security/data/cve/CVE-2011-2426.html https://www.redhat.com/security/data/cve/CVE-2011-2427.html https://www.redhat.com/security/data/cve/CVE-2011-2428.html https://www.redhat.com/security/data/cve/CVE-2011-2429.html https://www.redhat.com/security/data/cve/CVE-2011-2430.html https://www.redhat.com/security/data/cve/CVE-2011-2431.html https://www.redhat.com/security/data/cve/CVE-2011-2432.html https://www.redhat.com/security/data/cve/CVE-2011-2433.html https://www.redhat.com/security/data/cve/CVE-2011-2434.html https://www.redhat.com/security/data/cve/CVE-2011-2435.html https://www.redhat.com/security/data/cve/CVE-2011-2436.html https://www.redhat.com/security/data/cve/CVE-2011-2437.html https://www.redhat.com/security/data/cve/CVE-2011-2438.html https://www.redhat.com/security/data/cve/CVE-2011-2439.html https://www.redhat.com/security/data/cve/CVE-2011-2440.html https://www.redhat.com/security/data/cve/CVE-2011-2442.html https://www.redhat.com/security/data/cve/CVE-2011-2444.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-24.html http://www.adobe.com/support/security/bulletins/apsb11-26.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuRkFXlSAg2UNWIIRAqaIAJoC3LKpTEj6IsfoUq9JqGuHAKt3bACfcz3q 0+KSTL2IByBwtP8+xfPmUNE= =qFq6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201108-0145 CVE-2011-2139 Adobe Flash Player and Adobe AIR Vulnerabilities that bypass the same origin policy CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. Adobe Flash Player is prone to an unspecified cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The product enables viewing of applications, content and video across screens and browsers. Remote attackers can use unidentified vectors to bypass the same-origin policy and obtain sensitive information. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: flash-player Announcement ID: SUSE-SA:2011:033 Date: Wed, 10 Aug 2011 14:00:00 +0000 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 Vulnerability Type: remote code execution CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) SUSE Default Package: yes Cross-References: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135 CVE-2011-2136, CVE-2011-2137, CVE-2011-2138 CVE-2011-2139, CVE-2011-2140, CVE-2011-2414 CVE-2011-2415, CVE-2011-2416, CVE-2011-2417 CVE-2011-2425 Content of This Advisory: 1) Security Vulnerability Resolved: remote code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows: - CVE-2011-2130: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2134: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2135: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2136: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2137: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2138: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2139: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2140: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2414: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2415: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2416: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2417: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2425: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user. For more details see: http://www.adobe.com/support/security/bulletins/apsb11-21.html 2) Solution or Work-Around none 3) Special Instructions and Notes Pleease restart your browser. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=7c71e4aec6afd72e6b40f8cf2817e900 SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=377e091a105e9d540a2a90f09cff0a10 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2011:1434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1434.html Issue date: 2011-11-08 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2424 CVE-2011-2425 CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2431 CVE-2011-2432 CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442 CVE-2011-2444 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2130.html https://www.redhat.com/security/data/cve/CVE-2011-2134.html https://www.redhat.com/security/data/cve/CVE-2011-2135.html https://www.redhat.com/security/data/cve/CVE-2011-2136.html https://www.redhat.com/security/data/cve/CVE-2011-2137.html https://www.redhat.com/security/data/cve/CVE-2011-2138.html https://www.redhat.com/security/data/cve/CVE-2011-2139.html https://www.redhat.com/security/data/cve/CVE-2011-2140.html https://www.redhat.com/security/data/cve/CVE-2011-2414.html https://www.redhat.com/security/data/cve/CVE-2011-2415.html https://www.redhat.com/security/data/cve/CVE-2011-2416.html https://www.redhat.com/security/data/cve/CVE-2011-2417.html https://www.redhat.com/security/data/cve/CVE-2011-2424.html https://www.redhat.com/security/data/cve/CVE-2011-2425.html https://www.redhat.com/security/data/cve/CVE-2011-2426.html https://www.redhat.com/security/data/cve/CVE-2011-2427.html https://www.redhat.com/security/data/cve/CVE-2011-2428.html https://www.redhat.com/security/data/cve/CVE-2011-2429.html https://www.redhat.com/security/data/cve/CVE-2011-2430.html https://www.redhat.com/security/data/cve/CVE-2011-2431.html https://www.redhat.com/security/data/cve/CVE-2011-2432.html https://www.redhat.com/security/data/cve/CVE-2011-2433.html https://www.redhat.com/security/data/cve/CVE-2011-2434.html https://www.redhat.com/security/data/cve/CVE-2011-2435.html https://www.redhat.com/security/data/cve/CVE-2011-2436.html https://www.redhat.com/security/data/cve/CVE-2011-2437.html https://www.redhat.com/security/data/cve/CVE-2011-2438.html https://www.redhat.com/security/data/cve/CVE-2011-2439.html https://www.redhat.com/security/data/cve/CVE-2011-2440.html https://www.redhat.com/security/data/cve/CVE-2011-2442.html https://www.redhat.com/security/data/cve/CVE-2011-2444.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-24.html http://www.adobe.com/support/security/bulletins/apsb11-26.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuRkFXlSAg2UNWIIRAqaIAJoC3LKpTEj6IsfoUq9JqGuHAKt3bACfcz3q 0+KSTL2IByBwtP8+xfPmUNE= =qFq6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA45593 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45593/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45593 RELEASE DATE: 2011-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/45593/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45593/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45593 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1144-1: https://rhn.redhat.com/errata/RHSA-2011-1144.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
VAR-201108-0149 CVE-2011-2137 Adobe Flash Player and Adobe AIR Vulnerable to buffer overflow CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415. Adobe Flash Player and Adobe AIR Contains a buffer overflow vulnerability. This vulnerability CVE-2011-2130 , CVE-2011-2134 , CVE-2011-2414 ,and CVE-2011-2415 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. BACKGROUND --------------------- "Adobe Flash Player is a cross-platform browser-based application runtime that delivers uncompromised viewing of expressive applications, content, and videos across screens and browsers. Flash Player delivers breakthrough web experiences to over 98% of Internet users." from Adobe.com II. The vulnerability is caused by a buffer overflow error when processing a malformed ActionScript FileReference method, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE: CVE-2011-2137 III. Binary Analysis & Exploits/PoCs --------------------------------------- In-depth binary analysis of the vulnerability and a code execution exploit are available through the VUPEN Binary Analysis & Exploits Service : http://www.vupen.com/english/services/ba-index.php VUPEN Binary Analysis & Exploits Service provides private exploits and in-depth technical analysis of the most significant public vulnerabilities based on disassembly, reverse engineering, protocol analysis, and code audit. The service allows governments and major corporations to evaluate risks, and protect infrastructures and assets against new threats. The service also allows security vendors (IPS, IDS, AntiVirus) to supplement their internal research efforts and quickly develop both vulnerability-based and exploit-based signatures to proactively protect their customers from attacks and emerging threats. V. VUPEN Threat Protection Program ----------------------------------- To proactively protect critical networks and infrastructures against unpatched vulnerabilities and reduce risks related to zero-day attacks, VUPEN shares its vulnerability research with governments and organizations members of the VUPEN Threat Protection Program (TPP). VUPEN TPP customers receive fully detailed and technical reports about security vulnerabilities discovered by VUPEN and in advance of their public disclosure. http://www.vupen.com/english/services/tpp-index.php VI. CREDIT -------------- This vulnerability was discovered by Nicolas Joly of VUPEN Security VIII. ABOUT VUPEN Security --------------------------- VUPEN is the world leader in vulnerability research for defensive and offensive security. VUPEN solutions enable corporations and governments to measure and manage risks, eliminate vulnerabilities before they can be exploited, and protect critical infrastructures and assets against known and unknown vulnerabilities. VUPEN has been recently recognized as "Entrepreneurial Company of the Year in the Vulnerability Research Market (2011)" by Frost & Sullivan. VUPEN solutions include: * VUPEN Binary Analysis & Exploits Service (BAE) : http://www.vupen.com/english/services/ba-index.php * VUPEN Threat Protection Program (TPP) : http://www.vupen.com/english/services/tpp-index.php IX. DISCLOSURE TIMELINE ----------------------------- 2011-04-28 - Vulnerability Discovered by VUPEN and shared with customers 2011-08-10 - Public disclosure . Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: flash-player Announcement ID: SUSE-SA:2011:033 Date: Wed, 10 Aug 2011 14:00:00 +0000 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 Vulnerability Type: remote code execution CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) SUSE Default Package: yes Cross-References: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135 CVE-2011-2136, CVE-2011-2137, CVE-2011-2138 CVE-2011-2139, CVE-2011-2140, CVE-2011-2414 CVE-2011-2415, CVE-2011-2416, CVE-2011-2417 CVE-2011-2425 Content of This Advisory: 1) Security Vulnerability Resolved: remote code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows: - CVE-2011-2130: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2134: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2135: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2136: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2137: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2138: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2139: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2140: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2414: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2415: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2416: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2417: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2425: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user. For more details see: http://www.adobe.com/support/security/bulletins/apsb11-21.html 2) Solution or Work-Around none 3) Special Instructions and Notes Pleease restart your browser. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=7c71e4aec6afd72e6b40f8cf2817e900 SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=377e091a105e9d540a2a90f09cff0a10 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2011:1434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1434.html Issue date: 2011-11-08 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2424 CVE-2011-2425 CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2431 CVE-2011-2432 CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442 CVE-2011-2444 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2130.html https://www.redhat.com/security/data/cve/CVE-2011-2134.html https://www.redhat.com/security/data/cve/CVE-2011-2135.html https://www.redhat.com/security/data/cve/CVE-2011-2136.html https://www.redhat.com/security/data/cve/CVE-2011-2137.html https://www.redhat.com/security/data/cve/CVE-2011-2138.html https://www.redhat.com/security/data/cve/CVE-2011-2139.html https://www.redhat.com/security/data/cve/CVE-2011-2140.html https://www.redhat.com/security/data/cve/CVE-2011-2414.html https://www.redhat.com/security/data/cve/CVE-2011-2415.html https://www.redhat.com/security/data/cve/CVE-2011-2416.html https://www.redhat.com/security/data/cve/CVE-2011-2417.html https://www.redhat.com/security/data/cve/CVE-2011-2424.html https://www.redhat.com/security/data/cve/CVE-2011-2425.html https://www.redhat.com/security/data/cve/CVE-2011-2426.html https://www.redhat.com/security/data/cve/CVE-2011-2427.html https://www.redhat.com/security/data/cve/CVE-2011-2428.html https://www.redhat.com/security/data/cve/CVE-2011-2429.html https://www.redhat.com/security/data/cve/CVE-2011-2430.html https://www.redhat.com/security/data/cve/CVE-2011-2431.html https://www.redhat.com/security/data/cve/CVE-2011-2432.html https://www.redhat.com/security/data/cve/CVE-2011-2433.html https://www.redhat.com/security/data/cve/CVE-2011-2434.html https://www.redhat.com/security/data/cve/CVE-2011-2435.html https://www.redhat.com/security/data/cve/CVE-2011-2436.html https://www.redhat.com/security/data/cve/CVE-2011-2437.html https://www.redhat.com/security/data/cve/CVE-2011-2438.html https://www.redhat.com/security/data/cve/CVE-2011-2439.html https://www.redhat.com/security/data/cve/CVE-2011-2440.html https://www.redhat.com/security/data/cve/CVE-2011-2442.html https://www.redhat.com/security/data/cve/CVE-2011-2444.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-24.html http://www.adobe.com/support/security/bulletins/apsb11-26.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuRkFXlSAg2UNWIIRAqaIAJoC3LKpTEj6IsfoUq9JqGuHAKt3bACfcz3q 0+KSTL2IByBwtP8+xfPmUNE= =qFq6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA45593 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45593/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45593 RELEASE DATE: 2011-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/45593/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45593/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45593 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1144-1: https://rhn.redhat.com/errata/RHSA-2011-1144.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
VAR-201108-0148 CVE-2011-2136 Adobe Flash Player and Adobe AIR Integer overflow vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416. Adobe Flash Player and Adobe AIR Contains an integer overflow vulnerability. This vulnerability CVE-2011-2138 ,and CVE-2011-2416 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: flash-player Announcement ID: SUSE-SA:2011:033 Date: Wed, 10 Aug 2011 14:00:00 +0000 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 Vulnerability Type: remote code execution CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) SUSE Default Package: yes Cross-References: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135 CVE-2011-2136, CVE-2011-2137, CVE-2011-2138 CVE-2011-2139, CVE-2011-2140, CVE-2011-2414 CVE-2011-2415, CVE-2011-2416, CVE-2011-2417 CVE-2011-2425 Content of This Advisory: 1) Security Vulnerability Resolved: remote code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows: - CVE-2011-2130: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2134: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2135: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2136: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2137: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2138: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2139: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2140: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2414: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2415: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2416: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2417: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2425: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user. For more details see: http://www.adobe.com/support/security/bulletins/apsb11-21.html 2) Solution or Work-Around none 3) Special Instructions and Notes Pleease restart your browser. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=7c71e4aec6afd72e6b40f8cf2817e900 SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=377e091a105e9d540a2a90f09cff0a10 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . iDefense Security Advisory 08.09.11 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 09, 2011 I. For more information, please visit following website: http://www.adobe.com/products/flashplayer/ II. During the allocation of an array within a certain internal ActionScript function, a size calculation may cause an integer value to overflow. This condition may lead to the bounds of an undersized array being overflown during a memory copy operation. III. An attacker typically accomplishes this via social engineering or injecting content into a compromised, trusted site. IV. VENDOR RESPONSE Adobe has released a fix which addresses this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown. http://www.adobe.com/support/security/bulletins/apsb11-21.html VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2011-2416 and CVE-2011-2136 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 04/27/2011 Initial Vendor Notification 04/27/2011 Vendor Reply 08/09/2011 Coordinated Public Disclosure IX. CREDIT This vulnerability was reported to iDefense by Vitaliy Toropov. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright © 2011 Verisign Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2011:1434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1434.html Issue date: 2011-11-08 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2424 CVE-2011-2425 CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2431 CVE-2011-2432 CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442 CVE-2011-2444 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2130.html https://www.redhat.com/security/data/cve/CVE-2011-2134.html https://www.redhat.com/security/data/cve/CVE-2011-2135.html https://www.redhat.com/security/data/cve/CVE-2011-2136.html https://www.redhat.com/security/data/cve/CVE-2011-2137.html https://www.redhat.com/security/data/cve/CVE-2011-2138.html https://www.redhat.com/security/data/cve/CVE-2011-2139.html https://www.redhat.com/security/data/cve/CVE-2011-2140.html https://www.redhat.com/security/data/cve/CVE-2011-2414.html https://www.redhat.com/security/data/cve/CVE-2011-2415.html https://www.redhat.com/security/data/cve/CVE-2011-2416.html https://www.redhat.com/security/data/cve/CVE-2011-2417.html https://www.redhat.com/security/data/cve/CVE-2011-2424.html https://www.redhat.com/security/data/cve/CVE-2011-2425.html https://www.redhat.com/security/data/cve/CVE-2011-2426.html https://www.redhat.com/security/data/cve/CVE-2011-2427.html https://www.redhat.com/security/data/cve/CVE-2011-2428.html https://www.redhat.com/security/data/cve/CVE-2011-2429.html https://www.redhat.com/security/data/cve/CVE-2011-2430.html https://www.redhat.com/security/data/cve/CVE-2011-2431.html https://www.redhat.com/security/data/cve/CVE-2011-2432.html https://www.redhat.com/security/data/cve/CVE-2011-2433.html https://www.redhat.com/security/data/cve/CVE-2011-2434.html https://www.redhat.com/security/data/cve/CVE-2011-2435.html https://www.redhat.com/security/data/cve/CVE-2011-2436.html https://www.redhat.com/security/data/cve/CVE-2011-2437.html https://www.redhat.com/security/data/cve/CVE-2011-2438.html https://www.redhat.com/security/data/cve/CVE-2011-2439.html https://www.redhat.com/security/data/cve/CVE-2011-2440.html https://www.redhat.com/security/data/cve/CVE-2011-2442.html https://www.redhat.com/security/data/cve/CVE-2011-2444.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-24.html http://www.adobe.com/support/security/bulletins/apsb11-26.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuRkFXlSAg2UNWIIRAqaIAJoC3LKpTEj6IsfoUq9JqGuHAKt3bACfcz3q 0+KSTL2IByBwtP8+xfPmUNE= =qFq6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA45593 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45593/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45593 RELEASE DATE: 2011-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/45593/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45593/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45593 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1144-1: https://rhn.redhat.com/errata/RHSA-2011-1144.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
VAR-201108-0146 CVE-2011-2140 Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425. Adobe Flash Player and Adobe AIR Any code that could be executed or service disruption ( Memory corruption ) There is a vulnerability that becomes a condition. This vulnerability CVE-2011-2135 , CVE-2011-2417 ,and CVE-2011-2425 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The flaw exists within the sequenceParameterSetNALUnit component. When handling the num_ref_frames_in_pic_order_cnt_cycle value the size is not validated and the process blindly copies user supplied data from offset_for_ref_frame into a fixed-length buffer on the stack. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: flash-player Announcement ID: SUSE-SA:2011:033 Date: Wed, 10 Aug 2011 14:00:00 +0000 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 Vulnerability Type: remote code execution CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) SUSE Default Package: yes Cross-References: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135 CVE-2011-2136, CVE-2011-2137, CVE-2011-2138 CVE-2011-2139, CVE-2011-2140, CVE-2011-2414 CVE-2011-2415, CVE-2011-2416, CVE-2011-2417 CVE-2011-2425 Content of This Advisory: 1) Security Vulnerability Resolved: remote code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows: - CVE-2011-2130: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2134: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2135: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2136: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2137: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2138: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2139: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2140: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2414: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2415: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2416: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2417: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2425: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user. For more details see: http://www.adobe.com/support/security/bulletins/apsb11-21.html 2) Solution or Work-Around none 3) Special Instructions and Notes Pleease restart your browser. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=7c71e4aec6afd72e6b40f8cf2817e900 SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=377e091a105e9d540a2a90f09cff0a10 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45583 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45583/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 RELEASE DATE: 2011-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/45583/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45583/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. 7) An unspecified error can be exploited to disclose certain information from another domain. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor The vendor credits: 2) Yang Dingning, NCNIPC, Graduate University of Chinese Academy of Sciences 3) Wushi, Team 509 via iDefense Labs 4, 11) Vitaliy Toropov via iDefense Labs 5) Alexander Zaitsev, Positive Technologies 6, 8) An anonymous person via ZDI 7) Brandon Hardy 9) Bo Qu, Palo Alto Networks 10) Bo Qu, Palo Alto Networks and Honggang Ren, FortiGuard Labs 12) Marc Schoenefeld (Dr. rer. nat.), Red Hat Security Response Team 13) Honggang Ren, FortiGuard Labs ORIGINAL ADVISORY: Adobe (APSB11-21): http://www.adobe.com/support/security/bulletins/apsb11-21.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . The flaw exists within the sequenceParameterSetNALUnit component. More details can be found at: http://www.adobe.com/support/security/bulletins/apsb11-21.html -- Disclosure Timeline: 2011-02-10 - Vulnerability reported to vendor 2011-08-23 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2011:1434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1434.html Issue date: 2011-11-08 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2424 CVE-2011-2425 CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2431 CVE-2011-2432 CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442 CVE-2011-2444 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2130.html https://www.redhat.com/security/data/cve/CVE-2011-2134.html https://www.redhat.com/security/data/cve/CVE-2011-2135.html https://www.redhat.com/security/data/cve/CVE-2011-2136.html https://www.redhat.com/security/data/cve/CVE-2011-2137.html https://www.redhat.com/security/data/cve/CVE-2011-2138.html https://www.redhat.com/security/data/cve/CVE-2011-2139.html https://www.redhat.com/security/data/cve/CVE-2011-2140.html https://www.redhat.com/security/data/cve/CVE-2011-2414.html https://www.redhat.com/security/data/cve/CVE-2011-2415.html https://www.redhat.com/security/data/cve/CVE-2011-2416.html https://www.redhat.com/security/data/cve/CVE-2011-2417.html https://www.redhat.com/security/data/cve/CVE-2011-2424.html https://www.redhat.com/security/data/cve/CVE-2011-2425.html https://www.redhat.com/security/data/cve/CVE-2011-2426.html https://www.redhat.com/security/data/cve/CVE-2011-2427.html https://www.redhat.com/security/data/cve/CVE-2011-2428.html https://www.redhat.com/security/data/cve/CVE-2011-2429.html https://www.redhat.com/security/data/cve/CVE-2011-2430.html https://www.redhat.com/security/data/cve/CVE-2011-2431.html https://www.redhat.com/security/data/cve/CVE-2011-2432.html https://www.redhat.com/security/data/cve/CVE-2011-2433.html https://www.redhat.com/security/data/cve/CVE-2011-2434.html https://www.redhat.com/security/data/cve/CVE-2011-2435.html https://www.redhat.com/security/data/cve/CVE-2011-2436.html https://www.redhat.com/security/data/cve/CVE-2011-2437.html https://www.redhat.com/security/data/cve/CVE-2011-2438.html https://www.redhat.com/security/data/cve/CVE-2011-2439.html https://www.redhat.com/security/data/cve/CVE-2011-2440.html https://www.redhat.com/security/data/cve/CVE-2011-2442.html https://www.redhat.com/security/data/cve/CVE-2011-2444.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-24.html http://www.adobe.com/support/security/bulletins/apsb11-26.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuRkFXlSAg2UNWIIRAqaIAJoC3LKpTEj6IsfoUq9JqGuHAKt3bACfcz3q 0+KSTL2IByBwtP8+xfPmUNE= =qFq6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201108-0150 CVE-2011-2138 Adobe Flash Player and Adobe AIR Integer overflow vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416. Adobe Flash Player and Adobe AIR Contains an integer overflow vulnerability. This vulnerability CVE-2011-2136 ,and CVE-2011-2416 Is a different vulnerability.An attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the code responsible for evaluating the scroll method of the Actionscript Bitmap class. The function that uses the parameters to the scroll method performs arithmetic using data from the instantiated Bitmap object. By creating a Bitmap with certain integer values and subsequently calling the scroll method with other large integer values it is possible to force an integer wrap to occur. The resulting value is utilized to calculate a pointer which is operated upon by memory copy operations. By crafting specific values this issue can be exploited to execute remote code in the context of the user running the browser. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: flash-player Announcement ID: SUSE-SA:2011:033 Date: Wed, 10 Aug 2011 14:00:00 +0000 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 Vulnerability Type: remote code execution CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) SUSE Default Package: yes Cross-References: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135 CVE-2011-2136, CVE-2011-2137, CVE-2011-2138 CVE-2011-2139, CVE-2011-2140, CVE-2011-2414 CVE-2011-2415, CVE-2011-2416, CVE-2011-2417 CVE-2011-2425 Content of This Advisory: 1) Security Vulnerability Resolved: remote code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows: - CVE-2011-2130: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2134: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2135: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2136: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2137: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2138: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2139: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2140: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2414: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2415: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2416: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2417: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2425: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user. For more details see: http://www.adobe.com/support/security/bulletins/apsb11-21.html 2) Solution or Work-Around none 3) Special Instructions and Notes Pleease restart your browser. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=7c71e4aec6afd72e6b40f8cf2817e900 SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=377e091a105e9d540a2a90f09cff0a10 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45583 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45583/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 RELEASE DATE: 2011-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/45583/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45583/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. 7) An unspecified error can be exploited to disclose certain information from another domain. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor The vendor credits: 2) Yang Dingning, NCNIPC, Graduate University of Chinese Academy of Sciences 3) Wushi, Team 509 via iDefense Labs 4, 11) Vitaliy Toropov via iDefense Labs 5) Alexander Zaitsev, Positive Technologies 6, 8) An anonymous person via ZDI 7) Brandon Hardy 9) Bo Qu, Palo Alto Networks 10) Bo Qu, Palo Alto Networks and Honggang Ren, FortiGuard Labs 12) Marc Schoenefeld (Dr. rer. nat.), Red Hat Security Response Team 13) Honggang Ren, FortiGuard Labs ORIGINAL ADVISORY: Adobe (APSB11-21): http://www.adobe.com/support/security/bulletins/apsb11-21.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. More details can be found at: http://www.adobe.com/support/security/bulletins/apsb11-21.html -- Disclosure Timeline: 2011-06-02 - Vulnerability reported to vendor 2011-08-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2011:1434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1434.html Issue date: 2011-11-08 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2424 CVE-2011-2425 CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2431 CVE-2011-2432 CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442 CVE-2011-2444 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2130.html https://www.redhat.com/security/data/cve/CVE-2011-2134.html https://www.redhat.com/security/data/cve/CVE-2011-2135.html https://www.redhat.com/security/data/cve/CVE-2011-2136.html https://www.redhat.com/security/data/cve/CVE-2011-2137.html https://www.redhat.com/security/data/cve/CVE-2011-2138.html https://www.redhat.com/security/data/cve/CVE-2011-2139.html https://www.redhat.com/security/data/cve/CVE-2011-2140.html https://www.redhat.com/security/data/cve/CVE-2011-2414.html https://www.redhat.com/security/data/cve/CVE-2011-2415.html https://www.redhat.com/security/data/cve/CVE-2011-2416.html https://www.redhat.com/security/data/cve/CVE-2011-2417.html https://www.redhat.com/security/data/cve/CVE-2011-2424.html https://www.redhat.com/security/data/cve/CVE-2011-2425.html https://www.redhat.com/security/data/cve/CVE-2011-2426.html https://www.redhat.com/security/data/cve/CVE-2011-2427.html https://www.redhat.com/security/data/cve/CVE-2011-2428.html https://www.redhat.com/security/data/cve/CVE-2011-2429.html https://www.redhat.com/security/data/cve/CVE-2011-2430.html https://www.redhat.com/security/data/cve/CVE-2011-2431.html https://www.redhat.com/security/data/cve/CVE-2011-2432.html https://www.redhat.com/security/data/cve/CVE-2011-2433.html https://www.redhat.com/security/data/cve/CVE-2011-2434.html https://www.redhat.com/security/data/cve/CVE-2011-2435.html https://www.redhat.com/security/data/cve/CVE-2011-2436.html https://www.redhat.com/security/data/cve/CVE-2011-2437.html https://www.redhat.com/security/data/cve/CVE-2011-2438.html https://www.redhat.com/security/data/cve/CVE-2011-2439.html https://www.redhat.com/security/data/cve/CVE-2011-2440.html https://www.redhat.com/security/data/cve/CVE-2011-2442.html https://www.redhat.com/security/data/cve/CVE-2011-2444.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-24.html http://www.adobe.com/support/security/bulletins/apsb11-26.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuRkFXlSAg2UNWIIRAqaIAJoC3LKpTEj6IsfoUq9JqGuHAKt3bACfcz3q 0+KSTL2IByBwtP8+xfPmUNE= =qFq6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201108-0147 CVE-2011-2135 Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425. Adobe Flash Player and Adobe AIR Any code that could be executed or service disruption ( Memory corruption ) There is a vulnerability that becomes a condition. This vulnerability CVE-2011-2140 , CVE-2011-2417 ,and CVE-2011-2425 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. iDefense Security Advisory 08.09.11 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 09, 2011 I. For more information, please visit following website: http://www.adobe.com/products/flashplayer/ II. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside an Adobe Flash file. The problem exists in a certain ActionScript function method of the built-in "flash.display" class. When malformed parameters are supplied to this function, a memory corruption will occur, leading to an exploitable condition. III. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites. After the user visits the malicious Web page, no further user interaction is needed. IV. VENDOR RESPONSE Adobe has released a fix which addresses this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown. http://www.adobe.com/support/security/bulletins/apsb11-21.html VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2011-2135 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 06/29/2011 Initial Vendor Notification 06/29/2011 Vendor Reply 08/09/2011 Coordinated Public Disclosure IX. CREDIT This vulnerability was reported to iDefense by wushi of team509. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright © 2011 Verisign Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: flash-player Announcement ID: SUSE-SA:2011:033 Date: Wed, 10 Aug 2011 14:00:00 +0000 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 Vulnerability Type: remote code execution CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) SUSE Default Package: yes Cross-References: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135 CVE-2011-2136, CVE-2011-2137, CVE-2011-2138 CVE-2011-2139, CVE-2011-2140, CVE-2011-2414 CVE-2011-2415, CVE-2011-2416, CVE-2011-2417 CVE-2011-2425 Content of This Advisory: 1) Security Vulnerability Resolved: remote code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows: - CVE-2011-2130: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2134: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2135: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2136: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2137: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2138: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2139: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2140: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2414: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2415: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2416: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2417: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2425: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user. For more details see: http://www.adobe.com/support/security/bulletins/apsb11-21.html 2) Solution or Work-Around none 3) Special Instructions and Notes Pleease restart your browser. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=7c71e4aec6afd72e6b40f8cf2817e900 SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=377e091a105e9d540a2a90f09cff0a10 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2011:1434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1434.html Issue date: 2011-11-08 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2424 CVE-2011-2425 CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2431 CVE-2011-2432 CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442 CVE-2011-2444 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2130.html https://www.redhat.com/security/data/cve/CVE-2011-2134.html https://www.redhat.com/security/data/cve/CVE-2011-2135.html https://www.redhat.com/security/data/cve/CVE-2011-2136.html https://www.redhat.com/security/data/cve/CVE-2011-2137.html https://www.redhat.com/security/data/cve/CVE-2011-2138.html https://www.redhat.com/security/data/cve/CVE-2011-2139.html https://www.redhat.com/security/data/cve/CVE-2011-2140.html https://www.redhat.com/security/data/cve/CVE-2011-2414.html https://www.redhat.com/security/data/cve/CVE-2011-2415.html https://www.redhat.com/security/data/cve/CVE-2011-2416.html https://www.redhat.com/security/data/cve/CVE-2011-2417.html https://www.redhat.com/security/data/cve/CVE-2011-2424.html https://www.redhat.com/security/data/cve/CVE-2011-2425.html https://www.redhat.com/security/data/cve/CVE-2011-2426.html https://www.redhat.com/security/data/cve/CVE-2011-2427.html https://www.redhat.com/security/data/cve/CVE-2011-2428.html https://www.redhat.com/security/data/cve/CVE-2011-2429.html https://www.redhat.com/security/data/cve/CVE-2011-2430.html https://www.redhat.com/security/data/cve/CVE-2011-2431.html https://www.redhat.com/security/data/cve/CVE-2011-2432.html https://www.redhat.com/security/data/cve/CVE-2011-2433.html https://www.redhat.com/security/data/cve/CVE-2011-2434.html https://www.redhat.com/security/data/cve/CVE-2011-2435.html https://www.redhat.com/security/data/cve/CVE-2011-2436.html https://www.redhat.com/security/data/cve/CVE-2011-2437.html https://www.redhat.com/security/data/cve/CVE-2011-2438.html https://www.redhat.com/security/data/cve/CVE-2011-2439.html https://www.redhat.com/security/data/cve/CVE-2011-2440.html https://www.redhat.com/security/data/cve/CVE-2011-2442.html https://www.redhat.com/security/data/cve/CVE-2011-2444.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-24.html http://www.adobe.com/support/security/bulletins/apsb11-26.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuRkFXlSAg2UNWIIRAqaIAJoC3LKpTEj6IsfoUq9JqGuHAKt3bACfcz3q 0+KSTL2IByBwtP8+xfPmUNE= =qFq6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA45593 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45593/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45593 RELEASE DATE: 2011-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/45593/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45593/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45593 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1144-1: https://rhn.redhat.com/errata/RHSA-2011-1144.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
VAR-201108-0032 CVE-2011-0228 Apple iOS Updates for vulnerabilities in CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. Apple From iOS An update for has been released.By a third party SSL/TLS There is a possibility that the content being communicated on will be intercepted or tampered with. Apple iOS is prone to a security vulnerability that may allow attackers to capture or modify data. Successful exploits will allow attackers to gain access to sensitive information or send misleading information to a victim user. Other attacks are also possible. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. ---------------------------------------------------------------------- The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. Read more and request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple iOS "basicConstraints" X.509 Certificate Chain Validation Vulnerability SECUNIA ADVISORY ID: SA45369 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45369/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45369 RELEASE DATE: 2011-07-27 DISCUSS ADVISORY: http://secunia.com/advisories/45369/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45369/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45369 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apple iOS, which can be exploited by malicious people to conduct spoofing attacks. This can be exploited to spoof certificates of arbitrary domains and disclose encrypted information e.g. using a Man-in-the-Middle (MitM) attack. PROVIDED AND/OR DISCOVERED BY: Paul Kehrer, Trustwave's SpiderLabs. The vendor also credits Gregor Kopf, Recurity Labs on behalf of BSI. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4824 http://support.apple.com/kb/HT4825 Trustwave: https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Trustwave's SpiderLabs Security Advisory TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt Published: 2011-07-25 Version: 1.0 Vendor: Apple (http://www.apple.com) Product: iOS Version affected: Versions Prior to 5.0b4, 4.3.5, and 4.2.10 Product description: iOS is Apple's mobile operating system for the iPhone, iPod Touch, and iPad hardware platforms. By signing a new certificate using a legitimate end entity certificate, an attacker can obtain a "valid" certificate for any domain. For example: -TrustedCA --somedomain.com (legitimate certificate) ---api.someotherdomain.com (signed by somedomain.com) Using this technique any SSL traffic using the api.someotherdomain.com certificate can be intercepted and decrypted by the issuer. No notification of the invalid nature of the certificate is presented to the iOS user. This method allows for transparent man-in-the-middle attacks against encrypted iOS communications. Remediation Steps: Users should update to the latest version of iOS in order to address this issue. This vulnerability has been corrected in versions 5.0b4, 4.3.5, and 4.2.10. Revision History: 07/15/11 - Vulnerability Disclosed 07/25/11 - Patch Released 07/25/11 - Advisory Published References: 1. http://support.apple.com/kb/HT4824 2. http://support.apple.com/kb/HT4825 About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com About Trustwave's SpiderLabs: SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services. https://www.trustwave.com/spiderlabs Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone iOS 4.2.10 Software Update for iPhone is now available and addresses the following: Data Security Available for: iOS 4.2.5 through 4.2.9 for iPhone 4 (CDMA) Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description: A certificate chain validation issue existed in the handling of X.509 certificates. This issue is addressed through improved validation of X.509 certificate chains. CVE-ID CVE-2011-0228 : Gregor Kopf of Recurity Labs on behalf of BSI, and Paul Kehrer of Trustwave's SpiderLabs Installation note: This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone is docked to your computer. To check that the iPhone has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "4.2.10 (8E600)". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJOKaO4AAoJEGnF2JsdZQeeZJAH/AgzQw32cHPdHMZMufmeTx7C q0I1yzI+uF8HDERM8VfDg98rjVFbhcKKyeA1FNe1lGz79sIpo6Px4QubCRKyt2RW FbLYNGlWNreNodBr8FhAQcVqYbHLogD1O/Y+MVeU9i4pVfO6gXFfaMHWZkaZDlZd m9DLyPxAJ9uRtb9AYz3YL7Dp52YoW5yApSnpqV2dm5LE9L7ysvZ6inDOme0figAH v8+MDE18x1Caw3n0f2cWd6Sz9jqjvIodgp8iYWMEYnsRUZtFlFyxbSQSJFeFq1Ul y8N12gycPaWCJsqQyfFEruTcqHnV9kBVZV9TACT6UdtRkULXtsFEsqi6+8PI2mo= =yzpz -----END PGP SIGNATURE-----
VAR-201108-0076 CVE-2011-2130 Adobe Flash Player and Adobe AIR Vulnerable to buffer overflow CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415. Adobe Flash Player and Adobe AIR Contains a buffer overflow vulnerability. This vulnerability CVE-2011-2134 , CVE-2011-2137 , CVE-2011-2414 ,and CVE-2011-2415 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: flash-player Announcement ID: SUSE-SA:2011:033 Date: Wed, 10 Aug 2011 14:00:00 +0000 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 Vulnerability Type: remote code execution CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) SUSE Default Package: yes Cross-References: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135 CVE-2011-2136, CVE-2011-2137, CVE-2011-2138 CVE-2011-2139, CVE-2011-2140, CVE-2011-2414 CVE-2011-2415, CVE-2011-2416, CVE-2011-2417 CVE-2011-2425 Content of This Advisory: 1) Security Vulnerability Resolved: remote code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows: - CVE-2011-2130: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2134: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2135: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2136: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2137: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2138: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2139: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2140: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2414: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2415: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2416: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2417: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2425: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user. For more details see: http://www.adobe.com/support/security/bulletins/apsb11-21.html 2) Solution or Work-Around none 3) Special Instructions and Notes Pleease restart your browser. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=7c71e4aec6afd72e6b40f8cf2817e900 SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=377e091a105e9d540a2a90f09cff0a10 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45583 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45583/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 RELEASE DATE: 2011-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/45583/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45583/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. 7) An unspecified error can be exploited to disclose certain information from another domain. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor The vendor credits: 2) Yang Dingning, NCNIPC, Graduate University of Chinese Academy of Sciences 3) Wushi, Team 509 via iDefense Labs 4, 11) Vitaliy Toropov via iDefense Labs 5) Alexander Zaitsev, Positive Technologies 6, 8) An anonymous person via ZDI 7) Brandon Hardy 9) Bo Qu, Palo Alto Networks 10) Bo Qu, Palo Alto Networks and Honggang Ren, FortiGuard Labs 12) Marc Schoenefeld (Dr. rer. nat.), Red Hat Security Response Team 13) Honggang Ren, FortiGuard Labs ORIGINAL ADVISORY: Adobe (APSB11-21): http://www.adobe.com/support/security/bulletins/apsb11-21.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2011:1434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1434.html Issue date: 2011-11-08 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2424 CVE-2011-2425 CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2431 CVE-2011-2432 CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442 CVE-2011-2444 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2130.html https://www.redhat.com/security/data/cve/CVE-2011-2134.html https://www.redhat.com/security/data/cve/CVE-2011-2135.html https://www.redhat.com/security/data/cve/CVE-2011-2136.html https://www.redhat.com/security/data/cve/CVE-2011-2137.html https://www.redhat.com/security/data/cve/CVE-2011-2138.html https://www.redhat.com/security/data/cve/CVE-2011-2139.html https://www.redhat.com/security/data/cve/CVE-2011-2140.html https://www.redhat.com/security/data/cve/CVE-2011-2414.html https://www.redhat.com/security/data/cve/CVE-2011-2415.html https://www.redhat.com/security/data/cve/CVE-2011-2416.html https://www.redhat.com/security/data/cve/CVE-2011-2417.html https://www.redhat.com/security/data/cve/CVE-2011-2424.html https://www.redhat.com/security/data/cve/CVE-2011-2425.html https://www.redhat.com/security/data/cve/CVE-2011-2426.html https://www.redhat.com/security/data/cve/CVE-2011-2427.html https://www.redhat.com/security/data/cve/CVE-2011-2428.html https://www.redhat.com/security/data/cve/CVE-2011-2429.html https://www.redhat.com/security/data/cve/CVE-2011-2430.html https://www.redhat.com/security/data/cve/CVE-2011-2431.html https://www.redhat.com/security/data/cve/CVE-2011-2432.html https://www.redhat.com/security/data/cve/CVE-2011-2433.html https://www.redhat.com/security/data/cve/CVE-2011-2434.html https://www.redhat.com/security/data/cve/CVE-2011-2435.html https://www.redhat.com/security/data/cve/CVE-2011-2436.html https://www.redhat.com/security/data/cve/CVE-2011-2437.html https://www.redhat.com/security/data/cve/CVE-2011-2438.html https://www.redhat.com/security/data/cve/CVE-2011-2439.html https://www.redhat.com/security/data/cve/CVE-2011-2440.html https://www.redhat.com/security/data/cve/CVE-2011-2442.html https://www.redhat.com/security/data/cve/CVE-2011-2444.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-24.html http://www.adobe.com/support/security/bulletins/apsb11-26.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuRkFXlSAg2UNWIIRAqaIAJoC3LKpTEj6IsfoUq9JqGuHAKt3bACfcz3q 0+KSTL2IByBwtP8+xfPmUNE= =qFq6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201108-0080 CVE-2011-2134 Adobe Flash Player and Adobe AIR Vulnerable to buffer overflow CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415. Adobe Flash Player and Adobe AIR Contains a buffer overflow vulnerability. This vulnerability CVE-2011-2130 , CVE-2011-2137 , CVE-2011-2414 ,and CVE-2011-2415 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: flash-player Announcement ID: SUSE-SA:2011:033 Date: Wed, 10 Aug 2011 14:00:00 +0000 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 Vulnerability Type: remote code execution CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) SUSE Default Package: yes Cross-References: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135 CVE-2011-2136, CVE-2011-2137, CVE-2011-2138 CVE-2011-2139, CVE-2011-2140, CVE-2011-2414 CVE-2011-2415, CVE-2011-2416, CVE-2011-2417 CVE-2011-2425 Content of This Advisory: 1) Security Vulnerability Resolved: remote code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows: - CVE-2011-2130: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2134: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2135: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2136: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2137: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2138: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2139: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2140: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2414: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2415: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2416: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2417: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2425: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user. For more details see: http://www.adobe.com/support/security/bulletins/apsb11-21.html 2) Solution or Work-Around none 3) Special Instructions and Notes Pleease restart your browser. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=7c71e4aec6afd72e6b40f8cf2817e900 SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=377e091a105e9d540a2a90f09cff0a10 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2011:1434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1434.html Issue date: 2011-11-08 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2424 CVE-2011-2425 CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2431 CVE-2011-2432 CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442 CVE-2011-2444 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2130.html https://www.redhat.com/security/data/cve/CVE-2011-2134.html https://www.redhat.com/security/data/cve/CVE-2011-2135.html https://www.redhat.com/security/data/cve/CVE-2011-2136.html https://www.redhat.com/security/data/cve/CVE-2011-2137.html https://www.redhat.com/security/data/cve/CVE-2011-2138.html https://www.redhat.com/security/data/cve/CVE-2011-2139.html https://www.redhat.com/security/data/cve/CVE-2011-2140.html https://www.redhat.com/security/data/cve/CVE-2011-2414.html https://www.redhat.com/security/data/cve/CVE-2011-2415.html https://www.redhat.com/security/data/cve/CVE-2011-2416.html https://www.redhat.com/security/data/cve/CVE-2011-2417.html https://www.redhat.com/security/data/cve/CVE-2011-2424.html https://www.redhat.com/security/data/cve/CVE-2011-2425.html https://www.redhat.com/security/data/cve/CVE-2011-2426.html https://www.redhat.com/security/data/cve/CVE-2011-2427.html https://www.redhat.com/security/data/cve/CVE-2011-2428.html https://www.redhat.com/security/data/cve/CVE-2011-2429.html https://www.redhat.com/security/data/cve/CVE-2011-2430.html https://www.redhat.com/security/data/cve/CVE-2011-2431.html https://www.redhat.com/security/data/cve/CVE-2011-2432.html https://www.redhat.com/security/data/cve/CVE-2011-2433.html https://www.redhat.com/security/data/cve/CVE-2011-2434.html https://www.redhat.com/security/data/cve/CVE-2011-2435.html https://www.redhat.com/security/data/cve/CVE-2011-2436.html https://www.redhat.com/security/data/cve/CVE-2011-2437.html https://www.redhat.com/security/data/cve/CVE-2011-2438.html https://www.redhat.com/security/data/cve/CVE-2011-2439.html https://www.redhat.com/security/data/cve/CVE-2011-2440.html https://www.redhat.com/security/data/cve/CVE-2011-2442.html https://www.redhat.com/security/data/cve/CVE-2011-2444.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-24.html http://www.adobe.com/support/security/bulletins/apsb11-26.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuRkFXlSAg2UNWIIRAqaIAJoC3LKpTEj6IsfoUq9JqGuHAKt3bACfcz3q 0+KSTL2IByBwtP8+xfPmUNE= =qFq6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA45593 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45593/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45593 RELEASE DATE: 2011-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/45593/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45593/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45593 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1144-1: https://rhn.redhat.com/errata/RHSA-2011-1144.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
VAR-201107-0101 CVE-2011-0215 Windows Run on Apple Safari of ImageIO Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file. WebKit is prone to a memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to visit a malicious webpage. Successful exploits will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously discussed in BID 48808 (Apple Safari Prior to 5.1 and 5.0.6 Multiple Security Vulnerabilities) but has been given its own record to better document it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6 Safari 5.1 and Safari 5.0.6 are now available and address the following: CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: In certain situations, Safari may treat a file as HTML, even if it is served with the 'text/plain' content type. This may lead to a cross-site scripting attack on sites that allow untrusted users to post text files. This issue is addressed through improved handling of 'text/plain' content. CVE-ID CVE-2010-1420 : Hidetake Jo working with Microsoft Vulnerability Research (MSVR), Neal Poole of Matasano Security CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Authenticating to a maliciously crafted website may lead to arbitrary code execution Description: The NTLM authentication protocol is susceptible to a replay attack referred to as credential reflection. Authenticating to a maliciously crafted website may lead to arbitrary code execution. To mitigate this issue, Safari has been updated to utilize protection mechanisms recently added to Windows. This issue does not affect Mac OS X systems. CVE-ID CVE-2010-1383 : Takehiro Takahashi of IBM X-Force Research CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: A root certificate that is disabled may still be trusted Description: CFNetwork did not properly validate that a certificate was trusted for use by a SSL server. As a result, if the user had marked a system root certificate as not trusted, Safari would still accept certificates signed by that root. This issue is addressed through improved certificate validation. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0214 : An anonymous reporter ColorSync Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative CoreFoundation Available for: Windows 7, Vista, XP SP2 or later Impact: Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution Description: An off-by-one buffer overflow issue existed in the handling of CFStrings. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. CVE-ID CVE-2011-0201 : Harry Sintonen CoreGraphics Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert of the Google Security Team International Components for Unicode Available for: Windows 7, Vista, XP SP2 or later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in ICU's handling of uppercase strings. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. CVE-ID CVE-2011-0206 : David Bienvenu of Mozilla ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of TIFF images. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0204 : Dominic Chell of NGS Secure ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF images. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A reentrancy issue existed in ImageIO's handling of TIFF images. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of TIFF images. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0204 : Dominic Chell of NGS Secure libxslt Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap Description: libxslt's implementation of the generate-id() XPath function disclosed the address of a heap buffer. Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap. This issue is addressed by generating an ID based on the difference between the addresses of two heap buffers. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0195 : Chris Evans of the Google Chrome Security Team libxml Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A one-byte heap buffer overflow existed in libxml's handling of XML data. CVE-ID CVE-2011-0216 : Billy Rios of the Google Security Team Safari Available for: Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: If the "AutoFill web forms" feature is enabled, visiting a maliciously crafted website and typing may lead to the disclosure of information from the user's Address Book Description: Safari's "AutoFill web forms" feature filled in non- visible form fields, and the information was accessible by scripts on the site before the user submitted the form. This issue is addressed by displaying all fields that will be filled, and requiring the user's consent before AutoFill information is available to the form. CVE-ID CVE-2011-0217 : Florian Rienhardt of BSI, Alex Lambert, [Jeremiah Grossman] Safari Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: With a certain Java configuration, visiting a malicious website may lead to unexpected text being displayed on other sites Description: A cross origin issue existed in the handling of Java Applets. This applies when Java is enabled in Safari, and Java is configured to run within the browser process. Fonts loaded by a Java applet could affect the display of text content from other sites. This issue is addressed by running Java applets in a separate process. CVE-ID CVE-2011-0219 : Joshua Smith of Kaon Interactive WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. CVE-ID CVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability Research (MSVR), wushi of team509, and Yong Li of Research In Motion Ltd CVE-2011-0164 : Apple CVE-2011-0218 : SkyLined of Google Chrome Security Team CVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS Research Team, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative CVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-0234 : Rob King working with TippingPoint's Zero Day Initiative, wushi of team509 working with TippingPoint's Zero Day Initiative, wushi of team509 working with iDefense VCP CVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0237 : wushi of team509 working with iDefense VCP CVE-2011-0238 : Adam Barth of Google Chrome Security Team CVE-2011-0240 : wushi of team509 working with iDefense VCP CVE-2011-0253 : Richard Keen CVE-2011-0254 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0255 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc CVE-2011-0983 : Martin Barbella CVE-2011-1109 : Sergey Glazunov CVE-2011-1114 : Martin Barbella CVE-2011-1115 : Martin Barbella CVE-2011-1117 : wushi of team509 CVE-2011-1121 : miaubiz CVE-2011-1188 : Martin Barbella CVE-2011-1203 : Sergey Glazunov CVE-2011-1204 : Sergey Glazunov CVE-2011-1288 : Andreas Kling of Nokia CVE-2011-1293 : Sergey Glazunov CVE-2011-1296 : Sergey Glazunov CVE-2011-1449 : Marek Majkowski, wushi of team 509 working with iDefense VCP CVE-2011-1451 : Sergey Glazunov CVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-1457 : John Knottenbelt of Google CVE-2011-1462 : wushi of team509 CVE-2011-1797 : wushi of team509 WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A configuration issue existed in WebKit's use of libxslt. Visiting a maliciously crafted website may lead to arbitrary files being created with the privileges of the user, which may lead to arbitrary code execution. This issue is addressed through improved libxslt security settings. CVE-ID CVE-2011-1774 : Nicolas Gregoire of Agarri WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an information disclosure Description: A cross-origin issue existed in the handling of Web Workers. Visiting a maliciously crafted website may lead to an information disclosure. CVE-ID CVE-2011-1190 : Daniel Divricean of divricean.ro WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of URLs with an embedded username. Visiting a maliciously crafted website may lead to a cross-site scripting attack. This issue is addressed through improved handling of URLs with an embedded username. CVE-ID CVE-2011-0242 : Jobert Abma of Online24 WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of DOM nodes. Visiting a maliciously crafted website may lead to a cross- site scripting attack. CVE-ID CVE-2011-1295 : Sergey Glazunov WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: A maliciously crafted website may be able to cause a different URL to be shown in the address bar Description: A URL spoofing issue existed in the handling of the DOM history object. A maliciously crafted website may have been able to cause a different URL to be shown in the address bar. CVE-ID CVE-2011-1107 : Jordi Chancel WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Subscribing to a maliciously crafted RSS feed and clicking on a link within it may lead to an information disclosure Description: A canonicalization issue existed in the handling of URLs. Subscribing to a maliciously crafted RSS feed and clicking on a link within it may lead to arbitrary files being sent from the user's system to a remote server. This update addresses the issue through improved handling of URLs. CVE-ID CVE-2011-0244 : Jason Hullinger WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Applications that use WebKit, such as mail clients, may connect to an arbitrary DNS server upon processing HTML content Description: DNS prefetching was enabled by default in WebKit. Applications that use WebKit, such a s mail clients, may connect to an arbitrary DNS server upon processing HTML content. This update addresses the issue by requiring applications to opt in to DNS prefetching. CVE-ID CVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd. Note: Safari 5.1 is included with OS X Lion. Safari 5.1 and Safari 5.0.6 address the same set of security issues. Safari 5.1 is provided for Mac OS X v10.6, and Windows systems. Safari 5.0.6 is provided for Mac OS X v10.5 systems. Safari 5.1 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/ Safari 5.0.6 is available via the Apple Software Update application, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Safari for Mac OS X v10.6.8 and later The download file is named: Safari5.1SnowLeopard.dmg Its SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24 Safari for Mac OS X v10.5.8 The download file is named: Safari5.0.6Leopard.dmg Its SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f Safari for Windows 7, Vista or XP The download file is named: SafariSetup.exe Its SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36 Safari for Windows 7, Vista or XP from the Microsoft Choice Screen The download file is named: Safari_Setup.exe Its SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b Safari+QuickTime for Windows 7, Vista or XP The file is named: SafariQuickTimeSetup.exe Its SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJOJI45AAoJEGnF2JsdZQeezHQIALKZms5tzYgYxUSdxmo+DmYw up9gAmEVcltZvCeVS1lUxfjqnRiGRSWyuou8Ynt9PfGQCz9GfLvzlrCHc5rsnKaD MeYY1IH7lQc6aqmV0hwb4nUL5qJntP6G5Ai0E/0UiRQNC/ummS+qnmdsiFo78ODY nKaB5cAWhqGHgOAPnUG0JwmxpYgR2HEtGYJSqlYykMwt1vnlAr5hHVNaUJcJ3Hlb vesN6fB7zQMiJVo8+iJBixCvIYlbII5HnVAmD1ToyKgENg4Iguo46YBMVr8DPgF/ KD2s0+VF/O4utYVX0GiRGReVyq1PMvz/HI23ym8U3LjbezXD/AALQET0Q2hUEYQ= =fOfF -----END PGP SIGNATURE----- . iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND WebKit is an open source web browser engine. It is currently used by Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For more information, see the vendor's site at the following link. http://webkit.org/ II. <BR> <BR> The vulnerability occurs during the processing of a malformed TIFF image. Specifically, it is possible to trigger a use-after-free vulnerability when Safari fails to properly release an object. The object's memory is freed; however, a reference to the object remains. When the reference is later used to access the object, this now invalid memory is treated as a valid object and the object's vtable is used to make an indirect function call. III. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites. After the user visits the malicious Web page, no further user interaction is needed. IV. DETECTION Safari versions prior to 5.1 and 5.0.6 are vulnerable. V. WORKAROUND iDefense is currently unaware of effective workarounds for this vulnerability, as it is not possible to disable TIFF support; however, disabling JavaScript will make it more difficult to exploit the vulnerability. VI. VENDOR RESPONSE Apple Inc. For more information, consult their advisory at the following URL: http://support.apple.com/kb/HT4808 VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2011-0215 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 02/02/2011 Initial Vendor Notification 02/02/2011 Initial Vendor Reply 07/20/2011 Coordinated Public Disclosure IX. CREDIT This vulnerability was reported to iDefense by Juan Pablo Lopez Yacubian. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright © 2011 Verisign Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ---------------------------------------------------------------------- The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. Read more and request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45325 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45325/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45325 RELEASE DATE: 2011-07-22 DISCUSS ADVISORY: http://secunia.com/advisories/45325/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45325/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45325 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system. 1) An error within CFNetwork when handling the "text/plain" content type can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) An error exists within CFNetwork when handling SSL certificates, which does not properly verify disabled root certificates. 4) An integer overflow error exists within the ColorSync component. For more information see vulnerability #5 in: SA45054 5) An off-by-one error exists within the CoreFoundation framework. For more information see vulnerability #6 in: SA45054 6) An integer overflow error exists in CoreGraphics. For more information see vulnerability #7 in: SA45054 7) An error exists within ICU (International Components for Unicode). For more information see vulnerability #11 in: SA45054 8) An error exists in ImageIO within the handling of TIFF files when handling certain uppercase strings. For more information see vulnerability #9 in: SA45054 9) An error in ImageIO within the handling of CCITT Group 4 encoded TIFF image files can be exploited to cause a heap-based buffer overflow. 10) A use-after-free error within WebKit when handling TIFF images can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 11) An error within libxslt can be exploited to disclose certain addresses from the heap. For more information see vulnerability #2 in: SA43832 12) An off-by-one error within libxml when handling certain XML data can be exploited to cause a heap-based buffer overflow. 13) An error in the "AutoFill web forms" feature can be exploited to disclose certain information from the user's Address Book by tricking a user into visiting a specially crafted web page. 15) Multiple unspecified errors in the WebKit component can be exploited to corrupt memory. 16) An error within WebKit when handling libxslt configurations can be exploited to create arbitrary files. 18) A cross-origin error when handling certain URLs containing a username can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 19) A cross-origin error when handling DOM nodes can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 20) An error within the handling of DOM history objects can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar. 22) A weakness in WebKit can lead to remote DNS prefetching For more information see vulnerability #6 in: SA42312 23) A use-after-free error within WebKit when processing MathML markup tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 24) An error within WebKit when parsing a frameset element can be exploited to cause a heap-based buffer overflow. 25) A use-after-free error within WebKit when handling XHTML tags can result in an invalid tag pointer being dereferenced when a user views a specially crafted web page. 26) A use-after-free error within WebKit when handling SVG tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. SOLUTION: Update to version 5.1 or 5.0.6. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
VAR-201107-0100 CVE-2011-0223 Apple Safari Used in WebKit Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit is prone to a heap-based memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to visit a malicious webpage. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. NOTE: This issue was previously discussed in BID 48808 (Apple Safari Prior to 5.1 and 5.0.6 Multiple Security Vulnerabilities) but has been given its own record to better document it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6 Safari 5.1 and Safari 5.0.6 are now available and address the following: CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: In certain situations, Safari may treat a file as HTML, even if it is served with the 'text/plain' content type. This may lead to a cross-site scripting attack on sites that allow untrusted users to post text files. This issue is addressed through improved handling of 'text/plain' content. CVE-ID CVE-2010-1420 : Hidetake Jo working with Microsoft Vulnerability Research (MSVR), Neal Poole of Matasano Security CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Authenticating to a maliciously crafted website may lead to arbitrary code execution Description: The NTLM authentication protocol is susceptible to a replay attack referred to as credential reflection. Authenticating to a maliciously crafted website may lead to arbitrary code execution. To mitigate this issue, Safari has been updated to utilize protection mechanisms recently added to Windows. This issue does not affect Mac OS X systems. CVE-ID CVE-2010-1383 : Takehiro Takahashi of IBM X-Force Research CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: A root certificate that is disabled may still be trusted Description: CFNetwork did not properly validate that a certificate was trusted for use by a SSL server. As a result, if the user had marked a system root certificate as not trusted, Safari would still accept certificates signed by that root. This issue is addressed through improved certificate validation. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0214 : An anonymous reporter ColorSync Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative CoreFoundation Available for: Windows 7, Vista, XP SP2 or later Impact: Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution Description: An off-by-one buffer overflow issue existed in the handling of CFStrings. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. CVE-ID CVE-2011-0201 : Harry Sintonen CoreGraphics Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert of the Google Security Team International Components for Unicode Available for: Windows 7, Vista, XP SP2 or later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in ICU's handling of uppercase strings. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. CVE-ID CVE-2011-0206 : David Bienvenu of Mozilla ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0204 : Dominic Chell of NGS Secure ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A reentrancy issue existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0204 : Dominic Chell of NGS Secure libxslt Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap Description: libxslt's implementation of the generate-id() XPath function disclosed the address of a heap buffer. Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap. This issue is addressed by generating an ID based on the difference between the addresses of two heap buffers. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0195 : Chris Evans of the Google Chrome Security Team libxml Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A one-byte heap buffer overflow existed in libxml's handling of XML data. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0216 : Billy Rios of the Google Security Team Safari Available for: Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: If the "AutoFill web forms" feature is enabled, visiting a maliciously crafted website and typing may lead to the disclosure of information from the user's Address Book Description: Safari's "AutoFill web forms" feature filled in non- visible form fields, and the information was accessible by scripts on the site before the user submitted the form. This issue is addressed by displaying all fields that will be filled, and requiring the user's consent before AutoFill information is available to the form. CVE-ID CVE-2011-0217 : Florian Rienhardt of BSI, Alex Lambert, [Jeremiah Grossman] Safari Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: With a certain Java configuration, visiting a malicious website may lead to unexpected text being displayed on other sites Description: A cross origin issue existed in the handling of Java Applets. This applies when Java is enabled in Safari, and Java is configured to run within the browser process. Fonts loaded by a Java applet could affect the display of text content from other sites. This issue is addressed by running Java applets in a separate process. CVE-ID CVE-2011-0219 : Joshua Smith of Kaon Interactive WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability Research (MSVR), wushi of team509, and Yong Li of Research In Motion Ltd CVE-2011-0164 : Apple CVE-2011-0218 : SkyLined of Google Chrome Security Team CVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS Research Team, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative CVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-0234 : Rob King working with TippingPoint's Zero Day Initiative, wushi of team509 working with TippingPoint's Zero Day Initiative, wushi of team509 working with iDefense VCP CVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0237 : wushi of team509 working with iDefense VCP CVE-2011-0238 : Adam Barth of Google Chrome Security Team CVE-2011-0240 : wushi of team509 working with iDefense VCP CVE-2011-0253 : Richard Keen CVE-2011-0254 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0255 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc CVE-2011-0983 : Martin Barbella CVE-2011-1109 : Sergey Glazunov CVE-2011-1114 : Martin Barbella CVE-2011-1115 : Martin Barbella CVE-2011-1117 : wushi of team509 CVE-2011-1121 : miaubiz CVE-2011-1188 : Martin Barbella CVE-2011-1203 : Sergey Glazunov CVE-2011-1204 : Sergey Glazunov CVE-2011-1288 : Andreas Kling of Nokia CVE-2011-1293 : Sergey Glazunov CVE-2011-1296 : Sergey Glazunov CVE-2011-1449 : Marek Majkowski, wushi of team 509 working with iDefense VCP CVE-2011-1451 : Sergey Glazunov CVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-1457 : John Knottenbelt of Google CVE-2011-1462 : wushi of team509 CVE-2011-1797 : wushi of team509 WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A configuration issue existed in WebKit's use of libxslt. Visiting a maliciously crafted website may lead to arbitrary files being created with the privileges of the user, which may lead to arbitrary code execution. This issue is addressed through improved libxslt security settings. CVE-ID CVE-2011-1774 : Nicolas Gregoire of Agarri WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an information disclosure Description: A cross-origin issue existed in the handling of Web Workers. Visiting a maliciously crafted website may lead to an information disclosure. CVE-ID CVE-2011-1190 : Daniel Divricean of divricean.ro WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of URLs with an embedded username. Visiting a maliciously crafted website may lead to a cross-site scripting attack. This issue is addressed through improved handling of URLs with an embedded username. CVE-ID CVE-2011-0242 : Jobert Abma of Online24 WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of DOM nodes. Visiting a maliciously crafted website may lead to a cross- site scripting attack. CVE-ID CVE-2011-1295 : Sergey Glazunov WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: A maliciously crafted website may be able to cause a different URL to be shown in the address bar Description: A URL spoofing issue existed in the handling of the DOM history object. A maliciously crafted website may have been able to cause a different URL to be shown in the address bar. CVE-ID CVE-2011-1107 : Jordi Chancel WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Subscribing to a maliciously crafted RSS feed and clicking on a link within it may lead to an information disclosure Description: A canonicalization issue existed in the handling of URLs. Subscribing to a maliciously crafted RSS feed and clicking on a link within it may lead to arbitrary files being sent from the user's system to a remote server. This update addresses the issue through improved handling of URLs. CVE-ID CVE-2011-0244 : Jason Hullinger WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Applications that use WebKit, such as mail clients, may connect to an arbitrary DNS server upon processing HTML content Description: DNS prefetching was enabled by default in WebKit. Applications that use WebKit, such a s mail clients, may connect to an arbitrary DNS server upon processing HTML content. This update addresses the issue by requiring applications to opt in to DNS prefetching. CVE-ID CVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd. Note: Safari 5.1 is included with OS X Lion. Safari 5.1 and Safari 5.0.6 address the same set of security issues. Safari 5.1 is provided for Mac OS X v10.6, and Windows systems. Safari 5.0.6 is provided for Mac OS X v10.5 systems. Safari 5.1 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/ Safari 5.0.6 is available via the Apple Software Update application, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Safari for Mac OS X v10.6.8 and later The download file is named: Safari5.1SnowLeopard.dmg Its SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24 Safari for Mac OS X v10.5.8 The download file is named: Safari5.0.6Leopard.dmg Its SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f Safari for Windows 7, Vista or XP The download file is named: SafariSetup.exe Its SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36 Safari for Windows 7, Vista or XP from the Microsoft Choice Screen The download file is named: Safari_Setup.exe Its SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b Safari+QuickTime for Windows 7, Vista or XP The file is named: SafariQuickTimeSetup.exe Its SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJOJI45AAoJEGnF2JsdZQeezHQIALKZms5tzYgYxUSdxmo+DmYw up9gAmEVcltZvCeVS1lUxfjqnRiGRSWyuou8Ynt9PfGQCz9GfLvzlrCHc5rsnKaD MeYY1IH7lQc6aqmV0hwb4nUL5qJntP6G5Ai0E/0UiRQNC/ummS+qnmdsiFo78ODY nKaB5cAWhqGHgOAPnUG0JwmxpYgR2HEtGYJSqlYykMwt1vnlAr5hHVNaUJcJ3Hlb vesN6fB7zQMiJVo8+iJBixCvIYlbII5HnVAmD1ToyKgENg4Iguo46YBMVr8DPgF/ KD2s0+VF/O4utYVX0GiRGReVyq1PMvz/HI23ym8U3LjbezXD/AALQET0Q2hUEYQ= =fOfF -----END PGP SIGNATURE----- . iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND WebKit is an open source web browser engine. It is currently used by Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For more information, see the vendor's site at the following link. http://webkit.org/ II. The vulnerability occurs when parsing a frameset element with a malicious style attribute. Specifically, by setting the padding property to certain values it is possible to trigger a heap based memory corruption vulnerability. III. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites. After the user visits the malicious web page, no further user interaction is needed. IV. DETECTION Safari versions prior to 5.1 and 5.0.6 are vulnerable. V. WORKAROUND iDefense is currently unaware of an effective workaround for this vulnerability as it occurs in the core parsing code. However, disabling scripting will make the vulnerability more difficult to exploit using known techniques. VI. VENDOR RESPONSE Apple Inc. For more information, consult their advisory at the following URL: http://support.apple.com/kb/HT4808 VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2011-0223 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 02/25/2011 Initial Vendor Notification 02/25/2011 Initial Vendor Reply 07/20/2011 Coordinated Public Disclosure IX. CREDIT This vulnerability was reported to iDefense by Jose A. Vazquez of {http://spa-s3c.blogspot.com}. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright © 2011 Verisign Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ---------------------------------------------------------------------- The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. Read more and request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45325 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45325/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45325 RELEASE DATE: 2011-07-22 DISCUSS ADVISORY: http://secunia.com/advisories/45325/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45325/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45325 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system. 1) An error within CFNetwork when handling the "text/plain" content type can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) An error exists within CFNetwork when handling SSL certificates, which does not properly verify disabled root certificates. 4) An integer overflow error exists within the ColorSync component. For more information see vulnerability #5 in: SA45054 5) An off-by-one error exists within the CoreFoundation framework. For more information see vulnerability #6 in: SA45054 6) An integer overflow error exists in CoreGraphics. For more information see vulnerability #7 in: SA45054 7) An error exists within ICU (International Components for Unicode). For more information see vulnerability #11 in: SA45054 8) An error exists in ImageIO within the handling of TIFF files when handling certain uppercase strings. For more information see vulnerability #9 in: SA45054 9) An error in ImageIO within the handling of CCITT Group 4 encoded TIFF image files can be exploited to cause a heap-based buffer overflow. 10) A use-after-free error within WebKit when handling TIFF images can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 11) An error within libxslt can be exploited to disclose certain addresses from the heap. For more information see vulnerability #2 in: SA43832 12) An off-by-one error within libxml when handling certain XML data can be exploited to cause a heap-based buffer overflow. 13) An error in the "AutoFill web forms" feature can be exploited to disclose certain information from the user's Address Book by tricking a user into visiting a specially crafted web page. 15) Multiple unspecified errors in the WebKit component can be exploited to corrupt memory. 16) An error within WebKit when handling libxslt configurations can be exploited to create arbitrary files. 18) A cross-origin error when handling certain URLs containing a username can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 19) A cross-origin error when handling DOM nodes can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 20) An error within the handling of DOM history objects can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar. 22) A weakness in WebKit can lead to remote DNS prefetching For more information see vulnerability #6 in: SA42312 23) A use-after-free error within WebKit when processing MathML markup tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 25) A use-after-free error within WebKit when handling XHTML tags can result in an invalid tag pointer being dereferenced when a user views a specially crafted web page. 26) A use-after-free error within WebKit when handling SVG tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. SOLUTION: Update to version 5.1 or 5.0.6. PROVIDED AND/OR DISCOVERED BY: 10) Juan Pablo Lopez Yacubian via iDefense 4) binaryproof via ZDI 8) Dominic Chell, NGS Secure 23, 25, 26) wushi, team509 via iDefense 24) Jose A. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
VAR-201106-0117 CVE-2011-2094 Adobe Reader and Acrobat Vulnerable to buffer overflow CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2095 and CVE-2011-2097. Adobe Reader and Acrobat Contains a buffer overflow vulnerability. This vulnerability CVE-2011-2095 and CVE-2011-2097 Is a different vulnerability.An attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file loaded by the 3difr.x3d component. The application will duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application. More details can be found at: http://www.adobe.com/support/security/bulletins/apsb11-16.html -- Disclosure Timeline: 2010-11-29 - Vulnerability reported to vendor 2011-06-14 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Adobe has released Security Bulletin APSB11-17, which describes multiple vulnerabilities affecting Adobe Shockwave Player. Adobe has released Security Bulletin APSB11-18, which describes multiple vulnerabilities affecting Adobe Flash Player. I. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems. Adobe Security Bulletin APSB11-17 describes a number of vulnerabilities affecting Adobe Shockwave Player. These vulnerabilities affect Shockwave Player 11.5.9.620 and earlier versions. An attacker could exploit this vulnerability by convincing a user to open specially crafted Shockwave content. Shockwave content is commonly hosted on a web page, but it can also be embedded in PDF and other documents or provided as a stand-alone file. Adobe Security Bulletin APSB11-18 describes a number of vulnerabilities affecting Adobe Flash Player. These vulnerabilities affect Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems. These vulnerabilities also affect Flash Player 10.3.185.23 and earlier versions for Android. An attacker could exploit this vulnerability by convincing a user to open specially crafted Flash content. Flash content is commonly hosted on a web page, but it can also be embedded in PDF and other documents or provided as a stand-alone file. II. Impact These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file. III. Solution Update Reader Adobe has released updates to address this issue. Update Adobe Shockwave Player Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB11-17 and update vulnerable versions of Adobe Shockwave Player. Update Adobe Flash Player Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB11-18 and update vulnerable versions of Adobe Adobe Flash Player. Disable Flash in your web browser Uninstall Flash or restrict which sites are allowed to run Flash. To the extent possible, only run trusted Flash content on trusted domains. For more information, see Securing Your Web Browser. Disable Flash in Adobe Reader and Acrobat Disabling Flash in Adobe Reader will mitigate attacks that rely on Flash content embedded in a PDF file. Disabling 3D & Multimedia support does not directly address the vulnerability, but it does provide additional mitigation and results in a more user-friendly error message instead of a crash. To disable Flash and 3D & Multimedia support in Adobe Reader 9, delete, rename, or remove access to these files: Microsoft Windows "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll" Apple Mac OS X "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle" "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework" GNU/Linux (locations may vary among distributions) "/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so" "/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so" File locations may be different for Adobe Acrobat or other Adobe products that include Flash and 3D & Multimedia support. Disabling these plugins will reduce functionality and will not protect against Flash content hosted on websites. Depending on the update schedule for products other than Flash Player, consider leaving Flash and 3D & Multimedia support disabled unless they are absolutely required. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript). Adobe provides a framework to blacklist specific JavaScipt APIs. If JavaScript must be enabled, this feature may be useful when specific APIs are known to be vulnerable or used in attacks. Prevent Internet Explorer from automatically opening PDF files The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\AcroExch.Document.7] "EditFlags"=hex:00,00,00,00 Disable the display of PDF files in the web browser Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied, it may also mitigate future vulnerabilities. To prevent PDF files from automatically being opened in a web browser, do the following: 1. 2. Open the Edit menu. 3. Choose the Preferences option. 4. Choose the Internet section. 5. Uncheck the "Display PDF in browser" checkbox. Do not access PDF files from untrusted sources Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010. IV. References * Security update available for Adobe Reader and Acrobat - <http://www.adobe.com/support/security/bulletins/apsb11-16.html> * Adobe Reader and Acrobat JavaScript Blacklist Framework - <http://kb2.adobe.com/cps/504/cpsid_50431.html> * Security update available for Adobe Flash Player - <http://www.adobe.com/support/security/bulletins/apsb11-18.html> * Security update available for Adobe Shockwave Player - <http://www.adobe.com/support/security/bulletins/apsb11-17.html> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA11-166A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA11-166A Feedback" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2011 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History June 15, 2011: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTfjkdz6pPKYJORa3AQL96Af/bfXjpbygssCruFOpIPCRkp2YprLJLjjc D+ydEKvBTLYUqm5QgUD99bKwcUjQvwbZRuQDM2hhb49+TeTQPWR3gKvSqasviAC9 wu73HEw6I5ystOW/v0m+IglgbQH6qBr1VdycxOQf3z63sWbt4XafBpbY3t4klcfj Wc9ysRAY0RbInH5oyxJrOZz68OFUJj+ZsJw7wvnC3kgd3r6Q92nEM0cAiuNxmk0l 4g+HR0LuQRrgurAiX/zdAylByhOVmzBAqHhPk9pEdlf6XgEAhu/nSHrPa9jD+YKh DtDSf9ETAnsqjY7zjP1RdgjcUU1HbzU1Egs3LOy33zfHEzKZZJe2QA== =p3nZ -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/ ---------------------------------------------------------------------- TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43269 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269 RELEASE DATE: 2011-06-16 DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43269/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43269 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. 1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow. 2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow. 3) An unspecified error can be exploited to cause a heap-based buffer overflow. 4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file. 5) An unspecified error can be exploited to corrupt memory. 6) An unspecified error can be exploited to corrupt memory. 7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share. 9) An unspecified error can be exploited to bypass certain security restrictions. 10) An unspecified error can be exploited to corrupt memory. 11) An unspecified error can be exploited to corrupt memory. 12) An unspecified error can be exploited to corrupt memory. 13) An unspecified error can be exploited to corrupt memory. SOLUTION: Apply updates (please see the vendor's advisory for details). Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research. The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico. ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html Secunia Research: http://secunia.com/secunia_research/2011-41/ ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201107-0023 CVE-2011-0234 Apple Safari Used in WebKit Vulnerable to arbitrary code execution CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. When freeing the container holding the Frame element, the reference will still be available. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within how the application manages a reference to an anonymous block located near a particular element within the document. When cloning this element, the application will duplicate a reference to the block and then later re-attach this element to the rendering tree. During this process the library will free the original rendering element. Subsequent access to the same element will then cause the library to use the freed object. This can be utilized to achieve code execution under the context of the application. WebKit is prone to a memory corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks may result in information disclosure, remote code execution, denial of service, or other consequences. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously discussed in 48808 (Apple Safari Prior to 5.1 and 5.0.6 Multiple Security Vulnerabilities) but has been given its own record to better document it. This may lead to a cross-site scripting attack on sites that allow untrusted users to post text files. To mitigate this issue, Safari has been updated to utilize protection mechanisms recently added to Windows. This issue does not affect Mac OS X systems. This issue does not affect Mac OS X systems. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. This issue does not affect Mac OS X systems. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. This issue is addressed by generating an ID based on the difference between the addresses of two heap buffers. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. This issue is addressed by displaying all fields that will be filled, and requiring the user's consent before AutoFill information is available to the form. CVE-ID CVE-2011-0217 : Florian Rienhardt of BSI, Alex Lambert, [Jeremiah Grossman] Safari Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: With a certain Java configuration, visiting a malicious website may lead to unexpected text being displayed on other sites Description: A cross origin issue existed in the handling of Java Applets. This applies when Java is enabled in Safari, and Java is configured to run within the browser process. Fonts loaded by a Java applet could affect the display of text content from other sites. A maliciously crafted website may have been able to cause a different URL to be shown in the address bar. CVE-ID CVE-2011-0244 : Jason Hullinger WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Applications that use WebKit, such as mail clients, may connect to an arbitrary DNS server upon processing HTML content Description: DNS prefetching was enabled by default in WebKit. Applications that use WebKit, such a s mail clients, may connect to an arbitrary DNS server upon processing HTML content. This update addresses the issue by requiring applications to opt in to DNS prefetching. CVE-ID CVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd. Note: Safari 5.1 is included with OS X Lion. Safari 5.1 and Safari 5.0.6 address the same set of security issues. Safari 5.1 is provided for Mac OS X v10.6, and Windows systems. Safari 5.0.6 is provided for Mac OS X v10.5 systems. ---------------------------------------------------------------------- The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. Read more and request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45325 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45325/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45325 RELEASE DATE: 2011-07-22 DISCUSS ADVISORY: http://secunia.com/advisories/45325/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45325/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45325 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system. 1) An error within CFNetwork when handling the "text/plain" content type can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) An error exists within CFNetwork when handling SSL certificates, which does not properly verify disabled root certificates. 4) An integer overflow error exists within the ColorSync component. For more information see vulnerability #5 in: SA45054 5) An off-by-one error exists within the CoreFoundation framework. For more information see vulnerability #6 in: SA45054 6) An integer overflow error exists in CoreGraphics. For more information see vulnerability #7 in: SA45054 7) An error exists within ICU (International Components for Unicode). For more information see vulnerability #11 in: SA45054 8) An error exists in ImageIO within the handling of TIFF files when handling certain uppercase strings. For more information see vulnerability #9 in: SA45054 9) An error in ImageIO within the handling of CCITT Group 4 encoded TIFF image files can be exploited to cause a heap-based buffer overflow. 10) A use-after-free error within WebKit when handling TIFF images can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 11) An error within libxslt can be exploited to disclose certain addresses from the heap. For more information see vulnerability #2 in: SA43832 12) An off-by-one error within libxml when handling certain XML data can be exploited to cause a heap-based buffer overflow. 13) An error in the "AutoFill web forms" feature can be exploited to disclose certain information from the user's Address Book by tricking a user into visiting a specially crafted web page. 15) Multiple unspecified errors in the WebKit component can be exploited to corrupt memory. 16) An error within WebKit when handling libxslt configurations can be exploited to create arbitrary files. 18) A cross-origin error when handling certain URLs containing a username can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 19) A cross-origin error when handling DOM nodes can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 20) An error within the handling of DOM history objects can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar. 22) A weakness in WebKit can lead to remote DNS prefetching For more information see vulnerability #6 in: SA42312 23) A use-after-free error within WebKit when processing MathML markup tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 24) An error within WebKit when parsing a frameset element can be exploited to cause a heap-based buffer overflow. 25) A use-after-free error within WebKit when handling XHTML tags can result in an invalid tag pointer being dereferenced when a user views a specially crafted web page. 26) A use-after-free error within WebKit when handling SVG tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. PROVIDED AND/OR DISCOVERED BY: 10) Juan Pablo Lopez Yacubian via iDefense 4) binaryproof via ZDI 8) Dominic Chell, NGS Secure 23, 25, 26) wushi, team509 via iDefense 24) Jose A. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND Safari is Apple's web browser, and is based on the open source WebKit browser engine. MobileSafari is Safari for Apple's mobile devices including the iPad and iPhone. For more information, see the vendor's site found at the following link. http://www.apple.com/safari/ II. Safari is Apple's Web browser and is based on the open source WebKit browser engine. This vulnerability occurs when Safari incorrectly handles an error state when encountering a broken XHTML tag. Specifically, the tag enclosing the tag being processed is freed and is then referenced after it has already been freed. III. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites. IV. DETECTION Safari versions prior to 5.1 and 5.0.6 are vulnerable. V. WORKAROUND Disabling JavaScript is an effective workaround for this vulnerability. VI. VENDOR RESPONSE Apple Inc. For more information, consult their advisory at the following URL: http://support.apple.com/kb/HT4808 VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2011-0234 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 06/01/2011 Initial Vendor Notification 06/01/2011 Initial Vendor Reply 07/20/2011 Coordinated Public Disclosure IX. CREDIT This vulnerability was reported to iDefense by wushi of team509. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright © 2011 Verisign Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-1 iOS 5 Software Update iOS 5 Software Update is now available and addresses the following: CalDAV Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information from a CalDAV calendar server Description: CalDAV did not check that the SSL certificate presented by the server was trusted. CVE-ID CVE-2011-3253 : Leszek Tasiemski of nSense Calendar Available for: iOS 4.2.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 4.2.0 through 4.3.5 for iPod touch (3rd generation) and later, iOS 4.2.0 through 4.3.5 for iPad Impact: Viewing a maliciously crafted calendar invitation may inject script in the local domain Description: A script injection issue existed in Calendar's handling of invitation notes. This issue is addressed through improved escaping of special characters in invitation notes. This issues does not affect devices prior to iOS 4.2.0. CVE-ID CVE-2011-3254 : Rick Deacon CFNetwork Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: User's AppleID password may be logged to a local file Description: A user's AppleID password and username were logged to a file that was readable by applications on the system. This is resolved by no longer logging these credentials. CVE-ID CVE-2011-3255 : Peter Quade of qdevelop CFNetwork Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook CoreFoundation Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in CoreFoundation's handling of string tokenization. CVE-ID CVE-2011-0259 : Apple CoreGraphics Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a document containing a maliciously crafted font may lead to arbitrary code execution Description: Multiple memory corruption existed in freetype, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. CVE-ID CVE-2011-3256 : Apple CoreMedia Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking. CVE-ID CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) Data Access Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An exchange mail cookie management issue could incorrectly cause data synchronization across different accounts Description: When multiple mail exchange accounts are configured which connect to the same server, a session could potentially receive a valid cookie corresponding to a different account. This issue is addressed by ensuring that cookies are separated across different accounts. CVE-ID CVE-2011-3257 : Bob Sielken of IBM Data Security Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted. Data Security Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Support for X.509 certificates with MD5 hashes may expose users to spoofing and information disclosure as attacks improve Description: Certificates signed using the MD5 hash algorithm were accepted by iOS. This algorithm has known cryptographic weaknesses. Further research or a misconfigured certificate authority could have allowed the creation of X.509 certificates with attacker controlled values that would have been trusted by the system. This would have exposed X.509 based protocols to spoofing, man in the middle attacks, and information disclosure. This update disables support for an X.509 certificate with an MD5 hash for any use other than as a trusted root certificate. CVE-ID CVE-2011-3427 Data Security Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An attacker could decrypt part of a SSL connection Description: Only the SSLv3 and TLS 1.0 versions of SSL were supported. These versions are subject to a protocol weakness when using block ciphers. A man-in-the-middle attacker could have injected invalid data, causing the connection to close but revealing some information about the previous data. If the same connection was attempted repeatedly the attacker may eventually have been able to decrypt the data being sent, such as a password. This issue is addressed by adding support for TLS 1.2. CVE-ID CVE-2011-3389 Home screen Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Switching between applications may lead to the disclosure of sensitive application information Description: When switching between applications with the four- finger app switching gesture, the display could have revealed the previous application state. This issue is addressed by ensuring that the system properly calls the applicationWillResignActive: method when transitioning between applications. CVE-ID CVE-2011-3431 : Abe White of Hedonic Software Inc. ImageIO Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images. CVE-ID CVE-2011-0192 : Apple ImageIO Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF images. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies International Components for Unicode Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in ICU's generation of collation keys for long strings of mostly uppercase letters. CVE-ID CVE-2011-0206 : David Bienvenu of Mozilla Kernel Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: A remote attacker may cause a device reset Description: The kernel failed to promptly reclaim memory from incomplete TCP connections. An attacker with the ability to connect to a listening service on an iOS device could exhaust system resources. CVE-ID CVE-2011-3259 : Wouter van der Veer of Topicus I&I, and Josh Enders Kernel Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: A local user may be able to cause a system reset Description: A null dereference issue existed in the handling of IPV6 socket options. CVE-ID CVE-2011-1132 : Thomas Clement of Intego Keyboards Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: A user may be able to determine information about the last character of a password Description: The keyboard used to type the last character of a password was briefly displayed the next time the keyboard was used. CVE-ID CVE-2011-3245 : Paul Mousdicas libxml Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A one-byte heap buffer overflow existed in libxml's handling of XML data. CVE-ID CVE-2011-0216 : Billy Rios of the Google Security Team OfficeImport Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a maliciously crafted Word file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in OfficeImport's handling of Microsoft Word documents. CVE-ID CVE-2011-3260 : Tobias Klein working with Verisign iDefense Labs OfficeImport Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in OfficeImport's handling of Excel files. CVE-ID CVE-2011-3261 : Tobias Klein of www.trapkit.de OfficeImport Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in OfficeImport's handling of Microsoft Office files. CVE-ID CVE-2011-0208 : Tobias Klein working with iDefense VCP OfficeImport Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in OfficeImport's handling of Excel files. CVE-ID CVE-2011-0184 : Tobias Klein working with iDefense VCP Safari Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Opening maliciously crafted files on certain websites may lead to a cross-site scripting attack Description: iOS did not support the 'attachment' value for the HTTP Content-Disposition header. This header is used by many websites to serve files that were uploaded to the site by a third-party, such as attachments in web-based e-mail applications. Any script in files served with this header value would run as if the file had been served inline, with full access to other resources on the origin server. This issue is addressed by loading attachments in an isolated security origin with no access to resources on other sites. CVE-ID CVE-2011-3426 : Christian Matthies working with iDefense VCP, Yoshinori Oota from Business Architects Inc working with JP/CERT Settings Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An attacker with physical access to a device may be able to recover the restrictions passcode Description: The parental restrictions functionality enforces UI restrictions. Configuring parental restrictions is protected by a passcode, which was previously stored in plaintext on disk. This issue is addressed by securely storing the parental restrictions passcode in the system keychain. CVE-ID CVE-2011-3429 : an anonymous reporter Settings Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Misleading UI Description: Configurations and settings applied via configuration profiles did not appear to function properly under any non-English language. Settings could be improperly displayed as a result. This issue is addressed by fixing a localization error. CVE-ID CVE-2011-3430 : Florian Kreitmaier of Siemens CERT UIKit Alerts Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a malicious website may cause an unexpected device hang Description: An excessive maximum text layout length permitted malicious websites to cause iOS to hang when drawing acceptance dialogs for very long tel: URIs. This issue is addressed by using a more reasonable maximum URI size. CVE-ID CVE-2011-3432 : Simon Young of Anglia Ruskin University WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. CVE-ID CVE-2011-0218 : SkyLined of Google Chrome Security Team CVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS Research Team, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative CVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-0234 : Rob King working with TippingPoint's Zero Day Initiative, wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0238 : Adam Barth of Google Chrome Security Team CVE-2011-0254 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0255 : An anonymous reporter working with TippingPoint's Zero Day Initiative CVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc CVE-2011-0983 : Martin Barbella CVE-2011-1109 : Sergey Glazunov CVE-2011-1114 : Martin Barbella CVE-2011-1115 : Martin Barbella CVE-2011-1117 : wushi of team509 CVE-2011-1121 : miaubiz CVE-2011-1188 : Martin Barbella CVE-2011-1203 : Sergey Glazunov CVE-2011-1204 : Sergey Glazunov CVE-2011-1288 : Andreas Kling of Nokia CVE-2011-1293 : Sergey Glazunov CVE-2011-1296 : Sergey Glazunov CVE-2011-1449 : Marek Majkowski CVE-2011-1451 : Sergey Glazunov CVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-1457 : John Knottenbelt of Google CVE-2011-1462 : wushi of team509 CVE-2011-1797 : wushi of team509 CVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2339 : Cris Neckar of the Google Chrome Security Team CVE-2011-2341 : Apple CVE-2011-2351 : miaubiz CVE-2011-2352 : Apple CVE-2011-2354 : Apple CVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2011-2359 : miaubiz CVE-2011-2788 : Mikolaj Malecki of Samsung CVE-2011-2790 : miaubiz CVE-2011-2792 : miaubiz CVE-2011-2797 : miaubiz CVE-2011-2799 : miaubiz CVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-2813 : Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2816 : Apple CVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2818 : Martin Barbella CVE-2011-2820 : Raman Tenneti and Philip Rogers of Google CVE-2011-2823 : SkyLined of Google Chrome Security Team CVE-2011-2827 : miaubiz CVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-3232 : Aki Helin of OUSPG CVE-2011-3234 : miaubiz CVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-3244 : vkouchna WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of URLs with an embedded username. This issue is addressed through improved handling of URLs with an embedded username. CVE-ID CVE-2011-0242 : Jobert Abma of Online24 WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of DOM nodes. CVE-ID CVE-2011-1295 : Sergey Glazunov WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: A maliciously crafted website may be able to cause a different URL to be shown in the address bar Description: A URL spoofing issue existed in the handling of the DOM history object. CVE-ID CVE-2011-1107 : Jordi Chancel WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A configuration issue existed in WebKit's use of libxslt. Visiting a maliciously crafted website may lead to arbitrary files being created with the privileges of the user, which may lead to arbitrary code execution. This issue is addressed through improved libxslt security settings. CVE-ID CVE-2011-1774 : Nicolas Gregoire of Agarri WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a malicious website and dragging content in the page may lead to an information disclosure Description: A cross-origin issue existed in WebKit's handling of HTML5 drag and drop. This issue is addressed by disallowing drag and drop across different origins. CVE-ID CVE-2011-0166 : Michal Zalewski of Google Inc. WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to an information disclosure Description: A cross-origin issue existed in the handling of Web Workers. CVE-ID CVE-2011-1190 : Daniel Divricean of divricean.ro WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of the window.open method. CVE-ID CVE-2011-2805 : Sergey Glazunov WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of inactive DOM windows. CVE-ID CVE-2011-3243 : Sergey Glazunov WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of the document.documentURI property. CVE-ID CVE-2011-2819 : Sergey Glazunov WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: A maliciously crafted website may be able to track the URLs that a user visits within a frame Description: A cross-origin issue existed in the handling of the beforeload event. CVE-ID CVE-2011-2800 : Juho Nurminen WiFi Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: WiFi credentials may be logged to a local file Description: WiFi credentials including the passphrase and encryption keys were logged to a file that was readable by applications on the system. This is resolved by no longer logging these credentials. CVE-ID CVE-2011-3434 : Laurent OUDOT of TEHTRI Security Installation note: This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone, iPod touch or iPad is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone, iPod touch, or iPad. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone, iPod touch, or iPad is docked to your computer. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "5 (9A334)". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJOldmtAAoJEGnF2JsdZQee/qMIAIPxmIiOqj+FMLFHZtPeC/Dp 3s4JliKOOgNnjXkxErfaNvYGmeVbDaUER5jdVrWccTauzlYmy8G4uK0An2GD2YiP gB5AiCQXpONdBCi38QNdRqrYoYjc8Sa0nUp4r5uWPoiHoj5KfxvBpgygEL+zjHXS fmnrONOCWhOYp0w4q6mdTg5BH2uJCbXscD/JjbmgHQI0Vs/iUZKSRyqFo2b0Mvze NiSyzcj/4l62Cxx7xM9VbdrYL7Al2yyHfNYJQsZmoeDUlJQcdgEgEMXvOuhY3sFK maxYr2oCp6Mtf53fplAeJIV4ijLynEWAKxTuTznAyW1k7oiGrDTfORSFKPEB9MQ= =LCQZ -----END PGP SIGNATURE-----
VAR-201106-0031 CVE-2011-2102 Adobe Reader and Acrobat Vulnerable to access restrictions CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors. An attacker can exploit this issue to bypass intended security restrictions; this may aid in other attacks. Adobe Reader and Acrobat 10.x versions prior to 10.1 are affected. Adobe has released Security Bulletin APSB11-17, which describes multiple vulnerabilities affecting Adobe Shockwave Player. Adobe has released Security Bulletin APSB11-18, which describes multiple vulnerabilities affecting Adobe Flash Player. I. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems. Adobe Security Bulletin APSB11-17 describes a number of vulnerabilities affecting Adobe Shockwave Player. These vulnerabilities affect Shockwave Player 11.5.9.620 and earlier versions. An attacker could exploit this vulnerability by convincing a user to open specially crafted Shockwave content. Shockwave content is commonly hosted on a web page, but it can also be embedded in PDF and other documents or provided as a stand-alone file. Adobe Security Bulletin APSB11-18 describes a number of vulnerabilities affecting Adobe Flash Player. These vulnerabilities affect Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems. These vulnerabilities also affect Flash Player 10.3.185.23 and earlier versions for Android. An attacker could exploit this vulnerability by convincing a user to open specially crafted Flash content. Flash content is commonly hosted on a web page, but it can also be embedded in PDF and other documents or provided as a stand-alone file. II. Impact These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file. If a user opens specially crafted Shockwave content, a remote attacker may be able to execute arbitrary code. If a user opens specially crafted Flash content, a remote attacker may be able to execute arbitrary code. III. Solution Update Reader Adobe has released updates to address this issue. Update Adobe Shockwave Player Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB11-17 and update vulnerable versions of Adobe Shockwave Player. Update Adobe Flash Player Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB11-18 and update vulnerable versions of Adobe Adobe Flash Player. Disable Flash in your web browser Uninstall Flash or restrict which sites are allowed to run Flash. To the extent possible, only run trusted Flash content on trusted domains. For more information, see Securing Your Web Browser. Disable Flash in Adobe Reader and Acrobat Disabling Flash in Adobe Reader will mitigate attacks that rely on Flash content embedded in a PDF file. Disabling 3D & Multimedia support does not directly address the vulnerability, but it does provide additional mitigation and results in a more user-friendly error message instead of a crash. To disable Flash and 3D & Multimedia support in Adobe Reader 9, delete, rename, or remove access to these files: Microsoft Windows "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll" Apple Mac OS X "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle" "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework" GNU/Linux (locations may vary among distributions) "/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so" "/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so" File locations may be different for Adobe Acrobat or other Adobe products that include Flash and 3D & Multimedia support. Disabling these plugins will reduce functionality and will not protect against Flash content hosted on websites. Depending on the update schedule for products other than Flash Player, consider leaving Flash and 3D & Multimedia support disabled unless they are absolutely required. Disable JavaScript in Adobe Reader and Acrobat Disabling JavaScript may prevent some exploits from resulting in code execution. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript). Adobe provides a framework to blacklist specific JavaScipt APIs. If JavaScript must be enabled, this feature may be useful when specific APIs are known to be vulnerable or used in attacks. Prevent Internet Explorer from automatically opening PDF files The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\AcroExch.Document.7] "EditFlags"=hex:00,00,00,00 Disable the display of PDF files in the web browser Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied, it may also mitigate future vulnerabilities. To prevent PDF files from automatically being opened in a web browser, do the following: 1. 2. Open the Edit menu. 3. Choose the Preferences option. 4. Choose the Internet section. 5. Uncheck the "Display PDF in browser" checkbox. Do not access PDF files from untrusted sources Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010. IV. References * Security update available for Adobe Reader and Acrobat - <http://www.adobe.com/support/security/bulletins/apsb11-16.html> * Adobe Reader and Acrobat JavaScript Blacklist Framework - <http://kb2.adobe.com/cps/504/cpsid_50431.html> * Security update available for Adobe Flash Player - <http://www.adobe.com/support/security/bulletins/apsb11-18.html> * Security update available for Adobe Shockwave Player - <http://www.adobe.com/support/security/bulletins/apsb11-17.html> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA11-166A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA11-166A Feedback" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2011 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History June 15, 2011: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTfjkdz6pPKYJORa3AQL96Af/bfXjpbygssCruFOpIPCRkp2YprLJLjjc D+ydEKvBTLYUqm5QgUD99bKwcUjQvwbZRuQDM2hhb49+TeTQPWR3gKvSqasviAC9 wu73HEw6I5ystOW/v0m+IglgbQH6qBr1VdycxOQf3z63sWbt4XafBpbY3t4klcfj Wc9ysRAY0RbInH5oyxJrOZz68OFUJj+ZsJw7wvnC3kgd3r6Q92nEM0cAiuNxmk0l 4g+HR0LuQRrgurAiX/zdAylByhOVmzBAqHhPk9pEdlf6XgEAhu/nSHrPa9jD+YKh DtDSf9ETAnsqjY7zjP1RdgjcUU1HbzU1Egs3LOy33zfHEzKZZJe2QA== =p3nZ -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/ ---------------------------------------------------------------------- TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43269 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269 RELEASE DATE: 2011-06-16 DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43269/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43269 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. 1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow. 2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow. 3) An unspecified error can be exploited to cause a heap-based buffer overflow. 4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file. 5) An unspecified error can be exploited to corrupt memory. 6) An unspecified error can be exploited to corrupt memory. 7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share. 8) Certain unspecified input is not properly sanitised and can be exploited to execute arbitrary script code. 10) An unspecified error can be exploited to corrupt memory. 11) An unspecified error can be exploited to corrupt memory. 12) An unspecified error can be exploited to corrupt memory. 13) An unspecified error can be exploited to corrupt memory. SOLUTION: Apply updates (please see the vendor's advisory for details). Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research. The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico. ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html Secunia Research: http://secunia.com/secunia_research/2011-41/ ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201106-0030 CVE-2011-2101 Adobe Reader and Acrobat Vulnerable to buffer overflow CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability.". Adobe Reader and Acrobat are prone to an unspecified cross-domain scripting vulnerability. Adobe Reader and Acrobat versions prior to 10.1 are affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA11-166A Adobe Updates for Multiple Vulnerabilities Original release date: June 15, 2011 Last revised: -- Source: US-CERT Systems Affected * Adobe Reader X (10.0.1) and earlier 10.x versions for Windows * Adobe Reader X (10.0.3) and earlier 10.x versions for Macintosh * Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh * Adobe Reader 8.2.6 and earlier 8.x versions for Windows and Macintosh * Adobe Acrobat X (10.0.3) and earlier 10.x versions for Windows and Macintosh * Adobe Acrobat 9.4.3 and earlier 9.x versions for Windows and Macintosh * Adobe Acrobat 8.2.6 and earlier 8.x versions for Windows and Macintosh * Shockwave Player 11.5.9.620 and earlier versions for Windows and Macintosh. Adobe has released Security Bulletin APSB11-17, which describes multiple vulnerabilities affecting Adobe Shockwave Player. Adobe has released Security Bulletin APSB11-18, which describes multiple vulnerabilities affecting Adobe Flash Player. I. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems. Adobe Security Bulletin APSB11-17 describes a number of vulnerabilities affecting Adobe Shockwave Player. These vulnerabilities affect Shockwave Player 11.5.9.620 and earlier versions. An attacker could exploit this vulnerability by convincing a user to open specially crafted Shockwave content. Shockwave content is commonly hosted on a web page, but it can also be embedded in PDF and other documents or provided as a stand-alone file. Adobe Security Bulletin APSB11-18 describes a number of vulnerabilities affecting Adobe Flash Player. These vulnerabilities affect Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems. These vulnerabilities also affect Flash Player 10.3.185.23 and earlier versions for Android. An attacker could exploit this vulnerability by convincing a user to open specially crafted Flash content. Flash content is commonly hosted on a web page, but it can also be embedded in PDF and other documents or provided as a stand-alone file. II. Impact These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file. III. Solution Update Reader Adobe has released updates to address this issue. Update Adobe Shockwave Player Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB11-17 and update vulnerable versions of Adobe Shockwave Player. Update Adobe Flash Player Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB11-18 and update vulnerable versions of Adobe Adobe Flash Player. Disable Flash in your web browser Uninstall Flash or restrict which sites are allowed to run Flash. To the extent possible, only run trusted Flash content on trusted domains. For more information, see Securing Your Web Browser. Disable Flash in Adobe Reader and Acrobat Disabling Flash in Adobe Reader will mitigate attacks that rely on Flash content embedded in a PDF file. Disabling 3D & Multimedia support does not directly address the vulnerability, but it does provide additional mitigation and results in a more user-friendly error message instead of a crash. To disable Flash and 3D & Multimedia support in Adobe Reader 9, delete, rename, or remove access to these files: Microsoft Windows "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll" Apple Mac OS X "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle" "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework" GNU/Linux (locations may vary among distributions) "/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so" "/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so" File locations may be different for Adobe Acrobat or other Adobe products that include Flash and 3D & Multimedia support. Disabling these plugins will reduce functionality and will not protect against Flash content hosted on websites. Depending on the update schedule for products other than Flash Player, consider leaving Flash and 3D & Multimedia support disabled unless they are absolutely required. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript). Adobe provides a framework to blacklist specific JavaScipt APIs. If JavaScript must be enabled, this feature may be useful when specific APIs are known to be vulnerable or used in attacks. Prevent Internet Explorer from automatically opening PDF files The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\AcroExch.Document.7] "EditFlags"=hex:00,00,00,00 Disable the display of PDF files in the web browser Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied, it may also mitigate future vulnerabilities. To prevent PDF files from automatically being opened in a web browser, do the following: 1. 2. Open the Edit menu. 3. Choose the Preferences option. 4. Choose the Internet section. 5. Uncheck the "Display PDF in browser" checkbox. Do not access PDF files from untrusted sources Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010. IV. References * Security update available for Adobe Reader and Acrobat - <http://www.adobe.com/support/security/bulletins/apsb11-16.html> * Adobe Reader and Acrobat JavaScript Blacklist Framework - <http://kb2.adobe.com/cps/504/cpsid_50431.html> * Security update available for Adobe Flash Player - <http://www.adobe.com/support/security/bulletins/apsb11-18.html> * Security update available for Adobe Shockwave Player - <http://www.adobe.com/support/security/bulletins/apsb11-17.html> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA11-166A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA11-166A Feedback" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2011 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History June 15, 2011: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTfjkdz6pPKYJORa3AQL96Af/bfXjpbygssCruFOpIPCRkp2YprLJLjjc D+ydEKvBTLYUqm5QgUD99bKwcUjQvwbZRuQDM2hhb49+TeTQPWR3gKvSqasviAC9 wu73HEw6I5ystOW/v0m+IglgbQH6qBr1VdycxOQf3z63sWbt4XafBpbY3t4klcfj Wc9ysRAY0RbInH5oyxJrOZz68OFUJj+ZsJw7wvnC3kgd3r6Q92nEM0cAiuNxmk0l 4g+HR0LuQRrgurAiX/zdAylByhOVmzBAqHhPk9pEdlf6XgEAhu/nSHrPa9jD+YKh DtDSf9ETAnsqjY7zjP1RdgjcUU1HbzU1Egs3LOy33zfHEzKZZJe2QA== =p3nZ -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/ ---------------------------------------------------------------------- TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43269 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269 RELEASE DATE: 2011-06-16 DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43269/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43269 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. 1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow. 2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow. 3) An unspecified error can be exploited to cause a heap-based buffer overflow. 4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file. 5) An unspecified error can be exploited to corrupt memory. 6) An unspecified error can be exploited to corrupt memory. 7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share. 9) An unspecified error can be exploited to bypass certain security restrictions. 10) An unspecified error can be exploited to corrupt memory. 11) An unspecified error can be exploited to corrupt memory. 12) An unspecified error can be exploited to corrupt memory. 13) An unspecified error can be exploited to corrupt memory. SOLUTION: Apply updates (please see the vendor's advisory for details). Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research. The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico. ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html Secunia Research: http://secunia.com/secunia_research/2011-41/ ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201105-0218 CVE-2011-1804 Google Chrome Used in WebKit of rendering/RenderBox.cpp Service disruption in (DoS) Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer.". Google Chrome is prone to a memory-corruption vulnerability because of a NULL-pointer-dereference error. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow attackers to execute arbitrary code in the context of the browser. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Chrome 11.0.696.71 are vulnerable. Google Chrome is a web browser developed by Google (Google). The vulnerability is caused by a null pointer dereference error when rendering floating-point data
VAR-201105-0008 CVE-2011-0628 Adobe Flash Player Integer overflow vulnerability CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object. Adobe Flash Player is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/ ---------------------------------------------------------------------- TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43269 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43269 RELEASE DATE: 2011-06-16 DISCUSS ADVISORY: http://secunia.com/advisories/43269/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43269/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43269 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. 1) An error in 3difr.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow. 2) An error in tesselate.x3d due to the component trusting the provided string length when processing certain files can be exploited to cause a stack-based buffer overflow. 3) An unspecified error can be exploited to cause a heap-based buffer overflow. 4) An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file. 5) An unspecified error can be exploited to corrupt memory. 6) An unspecified error can be exploited to corrupt memory. 7) An error due to the application loading certain unspecified libraries in an insecure manner can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share. 9) An unspecified error can be exploited to bypass certain security restrictions. This vulnerability affects Adobe Reader and Acrobat X 10.x only. 10) An unspecified error can be exploited to corrupt memory. This vulnerability affects 8.x versions only. 11) An unspecified error can be exploited to corrupt memory. 12) An unspecified error can be exploited to corrupt memory. 13) An unspecified error can be exploited to corrupt memory. For more information: SA44590 SA44846 The vulnerabilities are reported in the following products: * Adobe Reader X (10.0.1) and earlier for Windows. * Adobe Reader X (10.0.3) and earlier for Macintosh. * Adobe Reader 9.4.4 and earlier for Windows and Macintosh. * Adobe Reader 8.2.6 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh. * Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh. SOLUTION: Apply updates (please see the vendor's advisory for details). Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1, 2) An anonymous person via ZDI. 4) Secunia Research. The vendor also credits: 3, 6) Tarjei Mandt, Norman. 5) Rodrigo Rubira Branco. 7) Mila Parkour. 8) Billy Rios, Google Security Team. 9) Christian Navarrete, CubilFelino Security Research Lab. 10) Tavis Ormandy, Google Security Team. 11) Brett Gervasoni, Sense of Security. 12) Will Dormann, CERT/CC. 13) James Quirk, Los Alamos, New Mexico. ORIGINAL ADVISORY: Adobe (APSB11-16): http://www.adobe.com/support/security/bulletins/apsb11-16.html Secunia Research: http://secunia.com/secunia_research/2011-41/ ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-218/ http://www.zerodayinitiative.com/advisories/ZDI-11-219/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------