[SECURITY] Fedora 12 Update: gnash-0.8.6-13.fc12
updates at fedoraproject.org
updates at fedoraproject.org
Sat Feb 13 00:36:38 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-1820
2010-02-13 00:17:09
--------------------------------------------------------------------------------
Name : gnash
Product : Fedora 12
Version : 0.8.6
Release : 13.fc12
URL : http://www.gnu.org/software/gnash/
Summary : GNU flash movie player
Description :
Gnash is capable of reading up to SWF v9 files and opcodes, but primarily
supports SWF v7, with better SWF v8 and v9 support under heavy development.
Gnash includes initial parser support for SWF v8 and v9. Not all
ActionScript 2 classes are implemented yet, but all of the most heavily
used ones are. Many ActionScript 2 classes are partially implemented;
there is support for all of the commonly used methods of each
class.
--------------------------------------------------------------------------------
Update Information:
This update makes Gnash use the system version of the libltdl library instead of
the bundled copy which was vulnerable to CVE-2009-3736. An update to the system
libltdl fixing CVE-2009-3736 was issued on December 29, 2009.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #537941 - CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory
https://bugzilla.redhat.com/show_bug.cgi?id=537941
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gnash' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list