Posts tagged "Flash Media Server"

Adobe product security updates available

Today, we released the following Security Bulletins:

Customers of the affected products should consult the relevant Security Bulletin(s) and apply updates as recommended.

This posting is provided “AS IS” with no warranties and confers no rights.

Security updates available for Flash Player, RoboHelp, Audition, and Flash Media Server

Today, we released the following Security Bulletins:

Customers of the affected products should consult the relevant Security Bulletin(s) and apply updates as recommended.

On a related note, we recently added an Acknowledgments page on the Adobe website to thank the individuals and organizations who report a security vulnerability or vulnerabilities in an Adobe product or online service. For acknowledgments of individuals and organizations reporting a security vulnerability or vulnerabilities in an Adobe product, please refer to the “Acknowledgments” section in each Security Bulletin. The new page will list the individuals and organizations who report a security vulnerability or vulnerabilities in an Adobe online service, and worked with us to help protect our customers.

This posting is provided “AS IS” with no warranties and confers no rights.

Security Bulletin – Security update available for Adobe Flash Media Server (FMS)

Today, we posted a Security Bulletin to address critical security issues in Adobe Flash Media Server.  Adobe recommends Flash Media Server customers follow security best practices and update their product installations to the latest version of Flash Media Server (version 4.0.1, 3.5.5 or 3.0.7 respectively).

This posting is provided “AS IS” with no warranties and confers no rights.

Security updates available for Adobe Flash Player, ColdFusion and Flash Media Server

Today, we released the following Security Bulletins:

Customers of the affected products should consult the relevant Security Bulletin(s) and apply updates as recommended.

This posting is provided “AS IS” with no warranties and confers no rights.

Apache HTTP Server Vulnerability Advisory for Adobe Flash Media Server Customers

An important vulnerability was recently identified in Apache HTTP Server version 2.2.14 and earlier (CVE-2010-0425: mod_isapi module unload flaw). The flaw in mod_isapi could result in an attempt to unload the ISAPI dll when encountering various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one process, this would result in a denial of service, and potentially allow arbitrary code execution. This vulnerability has been fixed in Apache httpd 2.2.15.
Adobe is issuing this blog post as an advisory for customers of Adobe Flash Media Server 3.5.x (Windows only), which ships with version 2.2.9 of Apache HTTP Server:
While Adobe Flash Media Server is not vulnerable to this exploit without specific configuration to support ISAPI-based actions, Adobe recommends customers disable the ISAPI module as a precaution.
To prevent the ISAPI module from loading, change the following line in the Flash Media Server Apache configuration at FMS_INSTALL_DIR/Apache2.2/conf/httpd.conf from

LoadModule isapi_module modules/mod_isapi.so
to
#LoadModule isapi_module modules/mod_isapi.so

If the ISAPI module is needed for your particular Apache distribution, Adobe recommends you update your Apache installation to version 2.2.15, which includes the patch to fix this vulnerability.
For documentation on the configurations Flash Media Server uses to determine its Apache location, visit http://help.adobe.com/en_US/FlashMediaServer/3.5_AdminGuide/WSE2A5A7B9-E118-496f-92F9-E295038DB7DB.html.
This posting is provided “AS IS” with no warranties and confers no rights.

Security Bulletin – Adobe Flash Media Server (FMS)

Today we posted a Security Bulletin to address critical security issues in Adobe Flash Media Server. Adobe recommends Flash Media Server customers update to the latest version of Flash Media Server (version 3.5.3) in line with security best practices.
This posting is provided “AS IS” with no warranties and confers no rights.

Security Bulletin – Flash Media Server

We’ve just posted a Security Bulletin and update for Flash Media Server. The update addresses a potential privilege escalation issue in Flash Media Server.
This posting is provided “AS IS” with no warranties and confers no rights

Security Bulletins – Flash Player, AIR, and Flash Media Server

Today’s Flash Player Security Bulletin discloses several new potential vulnerabilities, but please note that there is no new corresponding Flash Player update since the previous Security Bulletin. Adobe waited until an update to Adobe AIR, which embeds Flash Player, was available before disclosing this particular set of issues because the vulnerabilities in today’s Security Bulletin APSB08-22 have more potential impact for the AIR product than the previously disclosed Flash Player issues from Security Bulletins APSB08-18 and APSB08-20. If you haven’t already, please update to Flash Player 10.0.12.36 (or Flash Player 9.0.151.0).
There is also an AIR Security Bulletin today, which includes an update to resolve an AIR-specific security issue and the aforementioned Flash Player issues. We recommend everyone update to Adobe AIR 1.5.
Finally, we have published a new Security Advisory for Flash Media Server customers. Adobe recommends Flash Media Server customers enable SWF verification to avoid potential video stream capturing by third-party software.
This posting is provided “AS IS” with no warranties and confers no rights.

Security Advisory – Flash Media Server

A new Security Advisory for Flash Media Server 3.0 has just been posted. This Advisory points customers to a recent tech note that describes how to protect Flash Media Server video content from stream capture software, or ‘rippers’.