Accessibility

Security bulletin

Security update available for Adobe Flash Media Server

Release date: August 9th, 2011

Vulnerability identifier: APSB11-20

CVE number: CVE-2011-2132

Platform: Windows, Linux

Summary

A critical vulnerability has been identified in Adobe Flash Media Server (FMS) 4.0.2 and earlier versions, and Adobe Flash Media Server (FMS) 3.5.6 and earlier versions for Windows and Linux. This vulnerability could allow an attacker, who successfully exploits the vulnerability, to cause a denial of service on the affected system. Adobe has provided an update to address the reported vulnerability and recommends that users update their installations to Flash Media Server 4.0.3 or 3.5.7 respectively using the instructions provided below..

Affected software versions

  • Flash Media Server 4.0.2 and earlier versions for Windows and Linux
  • Flash Media Server 3.5.6 and earlier versions for Windows and Linux

Solution

Adobe recommends Flash Media Server (FMS) users update their installations to Flash Media Server 4.0.3 or Flash Media Server 3.5.7 respectively available here:
http://www.adobe.com/support/flashmediaserver/downloads_updaters.html.

Severity rating

Adobe categorizes this as a critical update and recommends that users apply the latest update for their product installations.

Details

A critical vulnerability has been identified in Adobe Flash Media Server (FMS) 4.0.2 and earlier versions, and Adobe Flash Media Server (FMS) 3.5.6 and earlier versions for Windows and Linux. The vulnerability could allow an attacker, who successfully exploits the vulnerability, to cause a denial of service on the affected system. Adobe has provided an update to address the reported vulnerability. It is recommended that users update their installations using the instructions provided above.

This update resolves a memory corruption issue that could lead to a denial of service (CVE-2011-2132).

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Knud Erik Højgaard of nsense (CVE-2011-2132).