Gentoo: netscape-flash Buffer overflow vulnerability
Summary
- --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-9 - ---------------------------------------------------------------------
- ---------------------------------------------------------------------
>From advisory: "The cumulative security patch is available today and addresses the potential for exploits surrounding buffer overflows (read/write) and sandbox integrity within the player, which might allow malicious usersto gain access to a user's computer. The possibility of running native code on a users machine is a theoretical exploit, and extremely difficult to execute in practice. There are no known examples of running such native code from Macromedia Flash movies; however, even though this issue is difficult and theoretical in nature only, we are encouraging users to upgrade."
Read the full advisory at:
SOLUTION
It is recommended that all Gentoo Linux users who are running net-www/netscape-flash upgrade to netscape-flash-6.0.79 as follows:
emerge sync emerge netscape-flash emerge clean
- --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - ---------------------------------------------------------------------
6.0.79