[MACEP] New at ftp.mesd--Flash Player 9.0.28.0

John Bromley the.bromleys at verizon.net
Thu Nov 16 18:48:41 PST 2006 

The following files are new or updated in the /pub/mac directory of  
the FTP server located at:
  ftp://ftp.mesd.k12.or.us/pub/mac/.

Flash Player 9.0.28.0
ftp://ftp.mesd.k12.or.us:21//pub/mac/InstallFlashPlayerOSXub.dmg

Adobe posted Flash Player 9.0.28.0, a security update for both  
PowerPC and Intel Macs designed to resolve vulnerabilities in Flash  
Player.

HTTP Header Injection Vulnerabilities in Adobe Flash Player

Affected software versions
Adobe Flash Player 9.x, 8.x, and 7.x. The custom-header addition  
feature was added starting with Adobe Flash Player 7, thus Flash  
Player 6 and earlier are not affected.
   To verify the Adobe Flash Player version number, access the About  
Flash Player page, or right-click on Flash content and select "About  
Macromedia Flash Player" from the menu. If you use multiple browsers,  
perform the check for each browser you have installed on your system.

Solution
Adobe recommends all users of Adobe Flash Player 9.0.20.0 and earlier  
versions upgrade to the newest version 9.0.28.0, by downloading it  
from the Player Download Center, or by using the auto-update  
mechanism within the product when prompted.
   For customers who cannot upgrade to Adobe Flash Player 9, Adobe is  
working on updates to previous versions that will resolve this issue.  
All documented security vulnerabilities and their solutions are  
distributed through the Adobe security notification service. You can  
sign up for the service by clicking here.

Severity rating
Adobe categorizes this as an important issue and recommends affected  
users upgrade to version 9.0.28.0.

Details
Adobe has provided an update to resolve vulnerabilities in Adobe  
Flash Player. These vulnerabilities would allow remote attackers to  
modify HTTP headers of client requests and conduct HTTP Request  
Splitting attacks. The flexibility of the attack varies depending on  
the type of web browser being used.




-- 
John Bromley
(503) 668-3332

"Even if you're on the right track, you'll get run over if you just  
sit there." -----  Will Rogers



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mesd.k12.or.us/pipermail/macep/attachments/20061116/d35869bf/attachment.html

More information about the MACEP mailing list