
Test ID: 1.3.6.1.4.1.25623.1.0.67545
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2010:0470
Summary: NOSUMMARY
Description:
The remote host is missing updates announced in
advisory RHSA-2010:0470.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB10-14,
listed in the References section.

Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,
CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170,
CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)

An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)

All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 9.0.277.0.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0470.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-14.html

Risk factor : Critical

CVSS Score:
9.3

Cross-Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2009-3793
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
BugTraq ID: 40759
http://www.securityfocus.com/bid/40759
BugTraq ID: 40809
http://www.securityfocus.com/bid/40809
Cert/CC Advisory: TA10-162A
http://www.us-cert.gov/cas/techalerts/TA10-162A.html
http://security.gentoo.org/glsa/glsa-201101-09.xml
HPdes Security Advisory: HPSBMA02547
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
HPdes Security Advisory: SSRT100179
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7205
http://www.redhat.com/support/errata/RHSA-2010-0464.html
http://www.redhat.com/support/errata/RHSA-2010-0470.html
http://securitytracker.com/id?1024085
http://securitytracker.com/id?1024086
http://secunia.com/advisories/40144
http://secunia.com/advisories/40545
http://secunia.com/advisories/43026
SuSE Security Announcement: SUSE-SA:2010:024
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
SuSE Security Announcement: SUSE-SR:2010:013
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
TurboLinux Advisory: TLSA-2010-19
http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
http://www.vupen.com/english/advisories/2010/1421
http://www.vupen.com/english/advisories/2010/1432
http://www.vupen.com/english/advisories/2010/1434
http://www.vupen.com/english/advisories/2010/1453
http://www.vupen.com/english/advisories/2010/1482
http://www.vupen.com/english/advisories/2010/1522
http://www.vupen.com/english/advisories/2010/1793
http://www.vupen.com/english/advisories/2011/0192
Common Vulnerability Exposure (CVE) ID: CVE-2010-2160
BugTraq ID: 40779
http://www.securityfocus.com/bid/40779
Bugtraq: 20100625 ZDI-10-114: Adobe Flash Player AVM2 getouterscope Opcode Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/512020/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7508
Common Vulnerability Exposure (CVE) ID: CVE-2010-2161
BugTraq ID: 40781
http://www.securityfocus.com/bid/40781
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=871
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15576
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7303
Common Vulnerability Exposure (CVE) ID: CVE-2010-2162
BugTraq ID: 40801
http://www.securityfocus.com/bid/40801
Bugtraq: 20100616 ZDI-10-109: Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/511862/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16345
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7166
Common Vulnerability Exposure (CVE) ID: CVE-2010-2163
BugTraq ID: 40803
http://www.securityfocus.com/bid/40803
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7501
Common Vulnerability Exposure (CVE) ID: CVE-2010-2164
BugTraq ID: 40780
http://www.securityfocus.com/bid/40780
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=872
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15798
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6765
Common Vulnerability Exposure (CVE) ID: CVE-2010-2165
BugTraq ID: 40782
http://www.securityfocus.com/bid/40782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16350
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6781
Common Vulnerability Exposure (CVE) ID: CVE-2010-2166
BugTraq ID: 40783
http://www.securityfocus.com/bid/40783
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15541
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7431
Common Vulnerability Exposure (CVE) ID: CVE-2010-2167
BugTraq ID: 40802
http://www.securityfocus.com/bid/40802
Bugtraq: 20100616 VUPEN Security Research - Adobe Flash Player GIF/JPEG Data Parsing Heap Overflow Vulnerabilities (CVE-2010-2167)
http://www.securityfocus.com/archive/1/511847/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15437
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7491
Common Vulnerability Exposure (CVE) ID: CVE-2010-2169
BugTraq ID: 40807
http://www.securityfocus.com/bid/40807
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7276
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
