Debian Security Advisory 2435-1

Debian Security Advisory 2435-1: Posted Mar 20, 2012; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2435-1 - Several vulnerabilities have been identified in Gnash, the GNU Flash player.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2010-4337, CVE-2011-4328, CVE-2012-1175; SHA-256 | 34960b52896a8f9019840896157b6ace872e440f5a13dee51a2a1f73ac9facb4; Download | Favorite | View

Debian Security Advisory 2435-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2435-1                   security@debian.org
http://www.debian.org/security/                          Gabriele Giacone
March 19, 2012                         http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : gnash
Vulnerability  : several
Problem type   : local / local (remote)
Debian-specific: no
CVE ID         : CVE-2010-4337 CVE-2011-4328 CVE-2012-1175
Debian Bug     : 605419 649384 664023

Several vulnerabilities have been identified in Gnash, the GNU Flash
player.

CVE-2012-1175 

  Tielei Wang from Georgia Tech Information Security Center discovered a
  vulnerability in GNU Gnash which is caused due to an integer overflow
  error and can be exploited to cause a heap-based buffer overflow by
  tricking a user into opening a specially crafted SWF file.

CVE-2011-4328

  Alexander Kurtz discovered an unsafe management of HTTP cookies. Cookie
  files are stored under /tmp and have predictable names, vulnerability
  that allows a local attacker to overwrite arbitrary files the users has
  write permissions for, and are also world-readable which may cause
  information leak.

CVE-2010-4337

  Jakub Wilk discovered an unsafe management of temporary files during the
  build process. Files are stored under /tmp and have predictable names,
  vulnerability that allows a local attacker to overwrite arbitrary files
  the users has write permissions for.

For the stable distribution (squeeze), this problem has been fixed in
version 0.8.8-5+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 0.8.10-5.

We recommend that you upgrade your gnash packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk9nusMACgkQQWTRs4lLtHkgpwCgl9BiBCIslY0CitvMaYj0hIxx
+4UAoL9xJ0yinmxXn/rRrRgu11dzimgD
=cfiS
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 63 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,928)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,326)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,981)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 2435-1

Debian Security Advisory 2435-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 2435-1

Share This

Debian Security Advisory 2435-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems