Full Disclosure mailing list archives
GLSA: netscape-flash (200303-9)
From: Daniel Ahlberg <aliz () gentoo org>
Date: Sun, 9 Mar 2003 02:56:33 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-9 - - --------------------------------------------------------------------- PACKAGE : netscape-flash SUMMARY : buffer overflow DATE : 2003-03-09 01:56 UTC EXPLOIT : remote VERSIONS AFFECTED : <6.0.79 FIXED VERSION : =>6.0.79 CVE : - - --------------------------------------------------------------------- - From advisory: "The cumulative security patch is available today and addresses the potential for exploits surrounding buffer overflows (read/write) and sandbox integrity within the player, which might allow malicious users to gain access to a user's computer. The possibility of running native code on a users machine is a theoretical exploit, and extremely difficult to execute in practice. There are no known examples of running such native code from Macromedia Flash movies; however, even though this issue is difficult and theoretical in nature only, we are encouraging users to upgrade." Read the full advisory at: http://www.macromedia.com/v1/handlers/index.cfm?ID=23821 SOLUTION It is recommended that all Gentoo Linux users who are running net-www/netscape-flash upgrade to netscape-flash-6.0.79 as follows: emerge sync emerge netscape-flash emerge clean - - --------------------------------------------------------------------- aliz () gentoo org - GnuPG key is available at http://cvs.gentoo.org/~aliz - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+ap9HfT7nyhUpoZMRAlRuAJ4oOZYqilO1mRTGJW70KA1JI20CuQCggBp3 UGP5R8pxURyGTPEVsbstJMI= =dyfL -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- GLSA: netscape-flash (200303-9) Daniel Ahlberg (Mar 08)