[German]Adobe has released security updates for its Adobe Flash Player, ColdFusion and Campaign products effective June 11, 2019. Here is an overview of what is relevant.
Update for Flash Player 220.127.116.11
>Adobe has released a maintenance and security update for the Flash Player, which upgrades it to version 18.104.22.168 and fixes several bugs. Security Bulletin APSB19-30 indicates the following Flash versions as vulnerable:
|Adobe Flash Player Desktop Runtime||22.214.171.124 and earlier versions||Windows, macOS, Linux|
|Adobe Flash Player for Google Chrome||126.96.36.199 and earlier versions||Windows, Macintosh, Linux and Chrome OS|
|Adobe Flash Player for Microsoft Edge and Internet Explorer 11||188.8.131.52 and earlier versions||Windows 10 and 8.1|
Adobe Flash Player 184.108.40.206 is available for Windows, Macintosh, Linux and Chrome OS platforms. The download links can be found in Security Bulletin APSB19-30. How to check the Flash version is described in Update for Flash Player 220.127.116.11. The download addresses can also be found in this German user comment from this morning (thanks for that).
Microsoft Flash Update KB4503308
Microsoft has released the update KB4497932 (Flash Player Update) for Windows Server 2019, all versions of Windows 10, Windows Server Version 1803, Windows Server 2016 Version 1709, Windows RT/RT 8.1, Windows 8.1, Windows Server 2016 and Server 2012 R2/Windows Server 2012 as of June 11, 2019. The update can be found in the Microsoft Update Catalog here.
Adobe ColdFusion security update
Adobe has released an update to ColdFusion that addresses three critical vulnerabilities that could allow arbitrary code execution on vulnerable servers.
- CVE-2019-7838: This vulnerability is exploitable only if the file uploads directory is web accessible.
- CVE-2019-7839: This vulnerability does not impact ColdFusion 11.
- CVE-2019-7840: Refer to the Tech Note for ColdFusion version for more information on mitigating this vulnerability
The following ColdFusion versions are affected:
- ColdFusion 2018 Update 3 and earlier versions
- ColdFusion 2016 Update 10 and earlier versions
- ColdFusion 11 Update 18 and earlier versions
Details may be found within Adobe Security Bulletin APSB19-27.
Adobe Campaign security update
This security update fixes eight vulnerabilities in Adobe Campaign, as Bleeping Computer writes here. One of these vulnerabilities is considered critical because it can lead to arbitrary code execution. See Adobe Security Bulletin APSB19-28.