ALT-BU-2014-2564-1
Branch sisyphus update bulletin.
Package adobe-flash-player updated to version 11-alt25 for branch sisyphus in task 113546.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-0497
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
- http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html
- http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html
- http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
- http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
- openSUSE-SU-2014:0197
- openSUSE-SU-2014:0197
- openSUSE-SU-2014:0203
- openSUSE-SU-2014:0203
- SUSE-SU-2014:0221
- SUSE-SU-2014:0221
- RHSA-2014:0137
- RHSA-2014:0137
- 56437
- 56437
- 56737
- 56737
- 56780
- 56780
- 56799
- 56799
- 56839
- 56839
- 33212
- 33212
- 102849
- 102849
- 65327
- 65327
- 1029715
- 1029715
- adobe-flash-cve20140497-code-exec(90884)
- adobe-flash-cve20140497-code-exec(90884)
Closed vulnerabilities
BDU:2021-01329
Уязвимость спецификации Open Connectivity Foundation UPnP, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
- http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html
- [oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP
- https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/
- https://github.com/corelight/callstranger-detector
- https://github.com/yunuscadirci/CallStranger
- [debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update
- [debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update
- FEDORA-2020-e538e3e526
- FEDORA-2020-df3e1cfde9
- FEDORA-2020-1f7fc0d0c9
- USN-4494-1
- https://www.callstranger.com
- DSA-4806
- DSA-4898
- https://www.kb.cert.org/vuls/id/339275
- https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of
- http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html
- https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of
- https://www.kb.cert.org/vuls/id/339275
- DSA-4898
- DSA-4806
- https://www.callstranger.com
- USN-4494-1
- FEDORA-2020-1f7fc0d0c9
- FEDORA-2020-df3e1cfde9
- FEDORA-2020-e538e3e526
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update
- [debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update
- [debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update
- https://github.com/yunuscadirci/CallStranger
- https://github.com/corelight/callstranger-detector
- https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/
- [oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP