Re: Firefox 4 repo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



  On 07/19/2010 12:17 AM, Christofer C. Bell wrote:
> On 7/19/10, *Suvayu Ali* <fatkasuvayu+linux@xxxxxxxxx 
> <mailto:fatkasuvayu%2Blinux@xxxxxxxxx>> wrote:
>
>     I have a copy of the "buggy" 64 bit flash(10.0.45), and it works with
>     the fedora version of FF 3.6 very well. I am having a problem with
>     _all_
>     my plugins when I use the tarball. I guess I'll have to give up my
>     wish
>     to test the beta release of FF. :-\
>
>
> It's not so much "buggy" as it contains an actively exploited security 
> vulnerability that can lead to remote compromise of your computer.
>
> "A critical 
> <http://www.adobe.com/support/security/severity_ratings.html> 
> vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier 
> versions for Windows, Macintosh, Linux and Solaris operating systems, 
> and the authplay.dll component that ships with Adobe Reader and 
> Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This 
> vulnerability (CVE-2010-1297) could cause a crash and potentially 
> allow an attacker to take control of the affected system. There are 
> reports that this vulnerability is being actively exploited in the 
> wild against both Adobe Flash Player, and Adobe Reader and Acrobat."[1]
>
> "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe 
> AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, 
> and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers 
> to execute arbitrary code or cause a denial of service (memory 
> corruption) via crafted SWF content, related to authplay.dll and the 
> ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as 
> exploited in the wild in June 2010."[2]
>
> So yes, the software "works well" in much the same way that "an 
> unpatched Windows XP works well" but leaves you open to compromise.  
> Note the key sentence here: "There are reports that this vulnerability 
> is being actively exploited in the wild against both Adobe Flash 
> Player, and Adobe Reader and Acrobat."
>
> I'm not sure I'd have such a caviler attitude toward it as you.
>
> [1] http://www.adobe.com/support/security/advisories/apsa10-01.html
> [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
>
> -- 
> Chris
>
>
Looks like Adobe has a new 64 bit flash plugin:

http://kb2.adobe.com/cps/000/6b3af6c9.html
There is a link there:
Click here for instructions to install Flash Player on a 64-bit 
operating system

Good luck Suvayu

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux