A Security Bulletin (APSB11-29) was posted today to address important security issues in Adobe ColdFusion. Adobe recommends users update their product installation using the instructions provided in the security bulletin.
This posting is provided “AS IS” with no warranties and confers no rights.
Today, we released the following Security Bulletins:
Customers of the affected products should consult the relevant Security Bulletin(s) and apply updates as recommended.
This posting is provided “AS IS” with no warranties and confers no rights.
A Security Bulletin (APSB11-04) was posted today to address important security issues in Adobe ColdFusion.
This posting is provided “AS IS” with no warranties and confers no rights.
Today, we released the following Security Bulletins:
Customers of the affected products should consult the relevant Security Bulletin(s) and apply updates as recommended.
This posting is provided “AS IS” with no warranties and confers no rights.
A Security Bulletin was posted today to address important security issues in Adobe ColdFusion.
This posting is provided “AS IS” with no warranties and confers no rights.
A Security Bulletin was posted today providing a solution to an important security issue in ColdFusion.
This posting is provided “AS IS” with no warranties and confers no rights.
Today we posted a Security Bulletin for ColdFusion and JRun. Adobe is not currently aware of any exploits in the wild for the security vulnerabilities fixed in this release.
This posting is provided “AS IS” with no warranties and confers no rights.
A Security Bulletin has been posted with instructions to patch the Adobe ColdFusion vulnerability last mentioned in the Adobe PSIRT blog on July 3 (“Potential ColdFusion security issue“, CVE-2009-2265). Adobe is aware of reports that this issue is being exploited in the wild and is remotely exploitable.
This posting is provided “AS IS” with no warranties and confers no rights.
Adobe is aware of reports of ColdFusion websites being compromised through a vulnerability in the FCKEditor rich text editor, which is installed with ColdFusion 8. Adobe is working on an update to ColdFusion to resolve the issue, which we expect to make available next week. In the meantime, ColdFusion 8 administrators are advised to mitigate this issue by following the steps below:
1. Disable connectors by setting config.Enabled to false in the editor/filemanager/connectors/cfm/config.cfm file.
2. Remove unused cfm files under editor/filemanager/connectors/cfm directory of the FCKeditor.
3. Inspect FCKeditor directories for content that has already been uploaded. The uploaded files go under the directory specified in the config.UserFilesPath set in config.cfm.
This posting is provided “AS IS” with no warranties and confers no rights.
Today we posted two Security Bulletins, APSB08-20 for Flash Player 9 and APSB08-21 for ColdFusion. With regards to the Flash Player bulletin, no action is required by customers who have already updated to Flash Player 10.0.12.36, the latest version that is now available here www.adobe.com/go/getflashplayer. The Flash Player 9.0.151.0 update we released today addresses issues previously reported in Security Bulletin APSB08-18 (posted on October 15), as well as other issues which we did not want to disclose until fixes were available in the Flash Player 9 update available today. If you can’t update to Flash Player 10, follow the instructions in APSB08-20 to update your version of Flash Player 9.
The ColdFusion hotfix included in Security Bulletin ASPB08-21 resolves a potential privilege escalation issue that is particularly applicable to ColdFusion servers in a shared hosting environment.
This posting is provided “AS IS” with no warranties and confers no rights.
