MGASA-2012-0108-2
| Date: | June 10th, 2012 |
| Affected releases: | 1 |
Description:
Updated gnash packages fix security vulnerabilities:
Tielei Wang from Georgia Tech Information Security Center discovered a
vulnerability in GNU Gnash which is caused due to an integer overflow
error and can be exploited to cause a heap-based buffer overflow by
tricking a user into opening a specially crafted SWF file (CVE-2012-1175).
Alexander Kurtz discovered an unsafe management of HTTP cookies.
Cookie files are stored under /tmp and have predictable names, and the
vulnerability allows a local attacker to overwrite arbitrary files the
users has write permissions for, and are also world-readable which may
cause information leak (CVE-2011-4328).
UPDATE:
This advisory is updated to correct text errors that incorrectly
listed the updated packages as affected ones.
Updated Packages:
gnash-0.8.9-2.1.mga1
lib(64)gnash0-0.8.9-2.1.mga1
lib(64)gnash-devel-0.8.9-2.1.mga1
gnash-firefox-plugin-0.8.9-2.1.mga1
klash-0.8.9-2.1.mga1
gnash-cygnal-0.8.9-2.1.mga1
gnash-tools-0.8.9-2.1.mga1
python-gnash-0.8.9-2.1.mga1
gnash-extension-fileio-0.8.9-2.1.mga1
gnash-extension-lirc-0.8.9-2.1.mga1
gnash-extension-dejagnu-0.8.9-2.1.mga1
gnash-extension-mysql-0.8.9-2.1.mga1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1175
http://www.debian.org/security/2012/dsa-2435
https://bugs.mageia.org/show_bug.cgi?id=5458
