FYI...
Flash v17.0.0.169 released
- https://helpx.adobe.com/security/pro...apsb15-06.html
April 14, 2015
CVE number: CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0357, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038, CVE-2015-3039, CVE-2015-3040, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043, CVE-2015-3044
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-3043 exists in the wild, and recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 17.0.0.169.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.281.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.457.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 17.0.0.169 when available...
For IE:
- http://download.macromedia.com/get/f...7_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/f..._17_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1032105
CVE Reference: CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355
Apr 14 2015
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 17.0.0.134 and prior, 13.0.0.277 and prior 13.x versions, 11.2.202.451 and prior 11.x versions...
Several memory corruption errors may occur [CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043].
Solution: The vendor has issued a fix (17.0.0.169, 13.0.0.281 ESR, 11.2.202.457 for Linux)...
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-3043 - 10.0 (HIGH)
Last revised: 04/15/2015 - "... as exploited in the wild in April 2015..."
___
Security Update: Hotfixes available for ColdFusion
- https://helpx.adobe.com/security/pro...apsb15-07.html
April 14, 2015
CVE numbers: CVE-2015-0345
Platform: All
Summary: Adobe has released security hotfixes for ColdFusion versions 11 and 10. These hotfixes address an input validation issue that could be used in a reflected cross-site scripting attack.
Affected software versions:
ColdFusion 11 and 10
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
ColdFusion 11: http://helpx.adobe.com/coldfusion/kb...-update-5.html
ColdFusion 10: http://helpx.adobe.com/coldfusion/kb...update-16.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide and ColdFusion 10 Lockdown Guide...
- http://www.securitytracker.com/id/1032106
CVE Reference: CVE-2015-0345
Apr 14 2015
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 10, 11
Solution: The vendor has issued hotfixes (10 Update 16, 11 Update 5)...
___
Security vulnerability in output of Adobe Flex ASdoc Tool
- https://helpx.adobe.com/security/pro...apsb15-08.html
April 14, 2015
CVE number: CVE-2015-1773
Platform: All Platforms
Summary: An important vulnerability has been identified in the JavaScript output of the ASDoc tool available in Adobe Flex 4.6 and earlier versions. This vulnerability could lead to reflected cross-site scripting. Adobe recommends users perform the actions referenced in the "Solutions" section below to remediate this vulnerability.
Affected software versions: Adobe Flex 4.6 and earlier versions
Solution: Adobe recommends users follow the steps below to remediate this issue:
- Download the index.html file available here:
> https://git-wip-us.apache.org/repos/.../heads/develop
- Apply any modifications to the existing index.html file (ex. update the page title)
- Deploy the results to the web site
- http://www.securitytracker.com/id/1032107
CVE Reference: CVE-2015-1773
Apr 14 2015
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information...
Version(s): 4.6 and prior...
Solution: The vendor has issued a fix...