-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear colleagues,
We have just received the following warning. We are passing this information
on to you unchanged.
CVE-2011-2132 - Denial-of-service vulnerability in Adobe Flash Media
Server
Adobe Flash Media Server before version 4.0.3 and version 3.5.6 contains
an unspecified flaw that can lead to memory corruption. An attacker can
exploit this to carry out a denial-of-service attack.
The following software packages and platforms are affected:
Adobe Flash Media Server (FMS) before version 4.0.3
Adobe Flash Media Server (FMS) before version 3.5.7
Windows
Linux
(c) of the German summary held by DFN-CERT Services GmbH; distribution,
including in excerpts, is permitted only with attribution to the author,
DFN-CERT Services GmbH, and only for non-commercial purposes.
Kind regards,
Matthias Braeck
- --
Matthias Braeck (Incident Response Team)
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID No.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatic warning messages: https://www.cert.dfn.de/autowarn
Security update available for Adobe Flash Media Server
Release date: August 9th, 2011
Vulnerability identifier: APSB11-20
CVE number: CVE-2011-2132
Platform: Windows, Linux
Summary
A critical vulnerability has been identified in Adobe Flash Media Server (FMS) 4.0.2 and earlier versions, and Adobe Flash Media Server (FMS) 3.5.6 and earlier versions for Windows and Linux. This vulnerability could allow an attacker, who successfully exploits the vulnerability, to cause a denial of service on the affected system. Adobe has provided an update to address the reported vulnerability and recommends that users update their installations to Flash Media Server 4.0.3 or 3.5.7 respectively using the instructions provided below.
Affected software versions
* Flash Media Server 4.0.2 and earlier versions for Windows and Linux
* Flash Media Server 3.5.6 and earlier versions for Windows and Linux
Solution
Adobe recommends Flash Media Server (FMS) users update their installations to Flash Media Server 4.0.3 or Flash Media Server 3.5.7 respectively, available here:
http://www.adobe.com/support/flashmediaserver/downloads_updaters.html
Severity rating
Adobe categorizes this as a critical update and recommends that users apply the latest update for their product installations.
Details
A critical vulnerability has been identified in Adobe Flash Media Server (FMS) 4.0.2 and earlier versions, and Adobe Flash Media Server (FMS) 3.5.6 and earlier versions for Windows and Linux. The vulnerability could allow an attacker, who successfully exploits the vulnerability, to cause a denial of service on the affected system. Adobe has provided an update to address the reported vulnerability. It is recommended that users update their installations using the instructions provided above.
This update resolves a memory corruption issue that could lead to a denial of service (CVE-2011-2132).
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
* Knud Erik Højgaard of nsense (CVE-2011-2132).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
-----END PGP SIGNATURE-----