MAAS History
Archives

Entries by Sean OConnell Public (50)

Thursday
Feb 10, 2011

Google Chrome Update 9.0.597.94

Google has released an update to Chrome that includes the new version of Flash (10.2). Issues listed for this release:

  • [67234] High Stale pointer in animation event handling. Credit to Rik Cabanier.
  • [$1000] [68120] High Use-after-free in SVG font faces. Credit to miaubiz.
  • [$1000] [69556] High Stale pointer with anonymous block handling. Credit to Martin Barbella.
  • [69970] Medium Out-of-bounds read in plug-in handling. Credit to Bill Budge of Google.
  • [$1000] [70456] Medium Possible failure to terminate process on out-of-memory condition. Credit to David Warren of CERT/CC.

Make sure to confirm your Flash control panel settings after updating.

Wednesday
Feb 09, 2011

Flash Update 10.2.152.26 Released->Installed with Acrobat Update

Adobe has released an update of Flash to address the following vulnerabilities. Adobe Reader and Acrobat users who installed the update and read the Acrobat Reader Release Notes may have noticed that the update installed this updated version of Flash. Make sure to confirm your Flash privacy settings once you install the latest version: disable P2P uplink or set it to always ask.

 

  • This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2011-0558).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-0559).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-0560, CVE-2011-0561).
  • This update resolves multiple memory corruption vulnerabilities that could lead to code execution (CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574).
  • This update resolves a library-loading vulnerability that could lead to code execution (CVE-2011-0575).
  • This update resolves a font-parsing vulnerability that could lead to code execution (CVE-2011-0577).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-0578).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-0607).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-0608).
  • Adobe recommends users of Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.2.152.26.

 

Tuesday
Feb 08, 2011

Adobe Updates Acrobat, Reader and Cold Fusion

Adobe has released an update of Acrobat and Acrobat Reader to address critical vulnerabilities and fix various bugs. 

  • These updates resolve an input validation vulnerability that could lead to code execution (CVE-2010-4091).
  • These updates resolve a library-loading vulnerability that could lead to code execution (CVE-2011-0562).
  • These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-0563).
  • These updates resolve a Windows-only file permissions issue that could lead to privilege escalation (CVE-2011-0564).
  • These updates resolve a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2011-0565).
  • These updates resolve an image-parsing memory corruption vulnerability that could lead to code execution (CVE-2011-0566).
  • These updates resolve an image-parsing memory corruption vulnerability that could lead to code execution (CVE-2011-0567).
  • These updates resolve a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (Macintosh only) (CVE-2011-0568).
  • These updates resolve a library-loading vulnerability that could lead to code execution (CVE-2011-0570).
  • These updates resolve a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2011-0585).
  • These updates resolve an input validation vulnerability that could lead to code execution (CVE-2011-0586).
  • These updates resolve an input validation vulnerability that could lead to a cross-site scripting vulnerability (CVE-2011-0587).
  • These updates resolve a library-loading vulnerability that could lead to code execution (CVE-2011-0588).
  • These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-0589).
  • These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0590).
  • These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0591).
  • These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0592).
  • These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0593).
  • These updates resolve a font parsing input validation vulnerability that could lead to code execution (CVE-2011-0594).
  • These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0595).
  • These updates resolve an image parsing input validation vulnerability that could lead to code execution (CVE-2011-0596).
  • These updates resolve an image parsing input validation vulnerability that could lead to code execution (CVE-2011-0598).
  • These updates resolve an image parsing input validation vulnerability that could lead to code execution (CVE-2011-0599).
  • These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0600).
  • These updates resolve an image parsing input validation vulnerability that could lead to code execution (CVE-2011-0602).
  • These updates resolve an image-parsing memory corruption vulnerability that could lead to code execution (CVE-2011-0603).
  • These updates resolve an input validation vulnerability that could lead to cross-site scripting (CVE-2011-0604).
  • These updates resolve a memory corruption vulnerability that could lead to code execution (Macintosh only) (CVE-2011-0605).
  • These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-0606).
  • 2742895 Crash after copying text from a comment and scrolling to the next page when data already exists on the clipboard.

A hot fix for ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 for Windows, Macintosh and UNIX has also been released; users should read the tech note in the references for more information.

Saturday
Feb 05, 2011

Google Chrome Release 9.0.597.84

Google has released Chrome 9.0.597.84 to the Stable Channel. This addresses a number of security issues, including mitigating an unspecified flaw in the Mac OS X SSL libraries. This would cause either a DoS of the application. Users should select About Chrome to update, or download the update from the stable channel here.

Thursday
Feb 03, 2011

Pre-notification of Adobe Reader and Acrobat Updates

Adobe has released a pre-notification of an update to Acrobat and Reader products to address security issues classified as Critical. The release date is scheduled for Tuesday, February 8, 2011.