Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0043)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2015.0043

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0043)

Resumen: The remote host is missing an update for the 'flash-player-plugin' package(s) announced via the MGASA-2015-0043 advisory.

Descripción: Summary:
The remote host is missing an update for the 'flash-player-plugin' package(s) announced via the MGASA-2015-0043 advisory.

Vulnerability Insight:
Adobe Flash Player 11.2.202.440 contains fixes to critical security
vulnerabilities found in earlier versions that could cause a crash and
potentially allow an attacker to take control of the affected system.

Adobe reports that CVE-2015-0311 is already being actively exploited in the
wild via drive-by-download attacks against systems running Internet Explorer
and Firefox on Windows.

This update resolves a use-after-free vulnerability that could lead to code
execution (CVE-2015-0311).

This update resolves a double-free vulnerability that could lead to code
execution (CVE-2015-0312).

Affected Software/OS:
'flash-player-plugin' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-0311
BugTraq ID: 72283
http://www.securityfocus.com/bid/72283
http://security.gentoo.org/glsa/glsa-201502-02.xml
http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
http://www.securitytracker.com/id/1031597
http://secunia.com/advisories/62432
http://secunia.com/advisories/62543
http://secunia.com/advisories/62650
http://secunia.com/advisories/62660
http://secunia.com/advisories/62740
SuSE Security Announcement: SUSE-SU-2015:0151 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html
SuSE Security Announcement: SUSE-SU-2015:0163 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-0312
BugTraq ID: 72343
http://www.securityfocus.com/bid/72343
http://www.securitytracker.com/id/1031634
XForce ISS Database: adobe-flash-cve20150312-code-exec(100394)
https://exchange.xforce.ibmcloud.com/vulnerabilities/100394

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0043
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0043)
Resumen:	The remote host is missing an update for the 'flash-player-plugin' package(s) announced via the MGASA-2015-0043 advisory.
Descripción:	Summary: The remote host is missing an update for the 'flash-player-plugin' package(s) announced via the MGASA-2015-0043 advisory. Vulnerability Insight: Adobe Flash Player 11.2.202.440 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe reports that CVE-2015-0311 is already being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows. This update resolves a use-after-free vulnerability that could lead to code execution (CVE-2015-0311). This update resolves a double-free vulnerability that could lead to code execution (CVE-2015-0312). Affected Software/OS: 'flash-player-plugin' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0311 BugTraq ID: 72283 http://www.securityfocus.com/bid/72283 http://security.gentoo.org/glsa/glsa-201502-02.xml http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html http://www.securitytracker.com/id/1031597 http://secunia.com/advisories/62432 http://secunia.com/advisories/62543 http://secunia.com/advisories/62650 http://secunia.com/advisories/62660 http://secunia.com/advisories/62740 SuSE Security Announcement: SUSE-SU-2015:0151 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html SuSE Security Announcement: SUSE-SU-2015:0163 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html Common Vulnerability Exposure (CVE) ID: CVE-2015-0312 BugTraq ID: 72343 http://www.securityfocus.com/bid/72343 http://www.securitytracker.com/id/1031634 XForce ISS Database: adobe-flash-cve20150312-code-exec(100394) https://exchange.xforce.ibmcloud.com/vulnerabilities/100394
Copyright	Copyright (C) 2022 Greenbone AG