Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Enterprise Watch List (http://www.linux-archive.org/enterprise-watch-list/)
-   -   Critical: flash-plugin security update (http://www.linux-archive.org/enterprise-watch-list/66535-critical-flash-plugin-security-update.html)

04-08-2008 11:49 PM

Critical: flash-plugin security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2008:0221-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0221.html
Issue date: 2008-04-08
CVE Names: CVE-2007-5275 CVE-2007-6243 CVE-2007-6637
CVE-2007-6019 CVE-2007-0071 CVE-2008-1655
CVE-2008-1654
================================================== ===================

1. Summary:

An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise
Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Desktop version 3 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64

3. Description:

The flash-plugin package contains a Firefox-compatible Adobe Flash Player
Web browser plug-in.

Several input validation flaws were found in the way Flash Player displayed
certain content. These may have made it possible to execute arbitrary code
on a victim's machine, if the victim opened a malicious Adobe Flash file.
(CVE-2007-0071, CVE-2007-6019)

A flaw was found in the way Flash Player established TCP sessions to remote
hosts. A remote attacker could, consequently, use Flash Player to conduct a
DNS rebinding attack. (CVE-2007-5275, CVE-2008-1655)

A flaw was found in the way Flash Player restricted the interpretation and
usage of cross-domain policy files. A remote attacker could use Flash
Player to conduct cross-domain and cross-site scripting attacks.
(CVE-2007-6243, CVE-2008-1654)

A flaw was found in the way Flash Player interacted with web browsers. An
attacker could use malicious content presented by Flash Player to conduct a
cross-site scripting attack. (CVE-2007-6637)

All users of Adobe Flash Player should upgrade to this updated package,
which contains Flash Player version 9.0.124.0 and resolves these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

367501 - CVE-2007-5275 Flash plugin DNS rebinding
440664 - CVE-2007-6243 Flash Player cross-domain and cross-site scripting flaws
440666 - CVE-2007-6637 Flash Player content injection flaw

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
flash-plugin-9.0.124.0-1.el3.with.oss.i386.rpm

Red Hat Desktop version 3 Extras:

i386:
flash-plugin-9.0.124.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
flash-plugin-9.0.124.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
flash-plugin-9.0.124.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
flash-plugin-9.0.124.0-1.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
flash-plugin-9.0.124.0-1.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
flash-plugin-9.0.124.0-1.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
flash-plugin-9.0.124.0-1.el4.i386.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
flash-plugin-9.0.124.0-1.el5.i386.rpm

x86_64:
flash-plugin-9.0.124.0-1.el5.i386.rpm

RHEL Supplementary (v. 5 server):

i386:
flash-plugin-9.0.124.0-1.el5.i386.rpm

x86_64:
flash-plugin-9.0.124.0-1.el5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFH/ARyXlSAg2UNWIIRAmH9AJoDh5tWbwt6UKTo3TWp6uXO5mY5EgC gsBuv
lK7I9GdvxAw8ySpOHybYFRk=
=zuAv
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

12-19-2008 04:53 PM

Critical: flash-plugin security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2008:1047-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-1047.html
Issue date: 2008-12-19
CVE Names: CVE-2008-5499
================================================== ===================

1. Summary:

An updated Adobe Flash Player package that fixes a security issue is
now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise
Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Desktop version 3 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64

3. Description:

The flash-plugin package contains a Firefox-compatible Adobe Flash Player
Web browser plug-in.

A security flaw was found in the way Flash Player displayed certain SWF
(Shockwave Flash) content. This may have made it possible to execute
arbitrary code on a victim's machine, if the victim opened a malicious
Adobe Flash file. (CVE-2008-5499)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.0.15.3 for users of Red Hat Enterprise
Linux 5 Supplementary, and 9.0.152.0 for users of Red Hat Enterprise 3 and
4 Extras.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
flash-plugin-9.0.152.0-1.el3.with.oss.i386.rpm

Red Hat Desktop version 3 Extras:

i386:
flash-plugin-9.0.152.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
flash-plugin-9.0.152.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
flash-plugin-9.0.152.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
flash-plugin-9.0.152.0-1.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
flash-plugin-9.0.152.0-1.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
flash-plugin-9.0.152.0-1.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
flash-plugin-9.0.152.0-1.el4.i386.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
flash-plugin-10.0.15.3-2.el5.i386.rpm

x86_64:
flash-plugin-10.0.15.3-2.el5.i386.rpm

RHEL Supplementary (v. 5 server):

i386:
flash-plugin-10.0.15.3-2.el5.i386.rpm

x86_64:
flash-plugin-10.0.15.3-2.el5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5499
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb08-24.html
http://www.adobe.com/products/flashplayer/

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJS9+RXlSAg2UNWIIRAoPHAJ9dEEgKvJOI4uayFqHSki cmv/CFLgCeL8TW
/Fr3lWj9w+JvjZwA5GLKmNo=
=kGBt
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

02-25-2009 11:02 PM

Critical: flash-plugin security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2009:0332-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0332.html
Issue date: 2009-02-25
CVE Names: CVE-2009-0519 CVE-2009-0520 CVE-2009-0521
================================================== ===================

1. Summary:

An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64

3. Description:

The flash-plugin package contains a Firefox-compatible Adobe Flash Player
Web browser plug-in.

Multiple input validation flaws were found in the way Flash Player
displayed certain SWF (Shockwave Flash) content. An attacker could use
these flaws to create a specially-crafted SWF file that could cause
flash-plugin to crash, or, possibly, execute arbitrary code when the victim
loaded a page containing the specially-crafted SWF content. (CVE-2009-0520,
CVE-2009-0519)

It was discovered that Adobe Flash Player had an insecure RPATH (runtime
library search path) set in the ELF (Executable and Linking Format) header.
A local user with write access to the directory pointed to by RPATH could
use this flaw to execute arbitrary code with the privileges of the user
running Adobe Flash Player. (CVE-2009-0521)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.0.22.87.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

487141 - CVE-2009-0519 flash-plugin: Input validation flaw (DoS)
487142 - CVE-2009-0520 flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.
487144 - CVE-2009-0521 flash-plugin: Linux-specific information disclosure (privilege escalation)

6. Package List:

RHEL Desktop Supplementary (v. 5 client):

i386:
flash-plugin-10.0.22.87-1.el5.i386.rpm

x86_64:
flash-plugin-10.0.22.87-1.el5.i386.rpm

RHEL Supplementary (v. 5 server):

i386:
flash-plugin-10.0.22.87-1.el5.i386.rpm

x86_64:
flash-plugin-10.0.22.87-1.el5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0521
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb09-01.html
http://www.adobe.com/products/flashplayer/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJpdwkXlSAg2UNWIIRAl8LAJ4pW0zXSt9hYvTGjOVYcc 2qoOfafwCgvLc+
GhVQGINv4QMXgqYcMjP1Az8=
=/b9n
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

02-25-2009 11:03 PM

Critical: flash-plugin security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2009:0334-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0334.html
Issue date: 2009-02-25
CVE Names: CVE-2009-0519 CVE-2009-0520
================================================== ===================

1. Summary:

An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 3 and 4 Extras.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Desktop version 3 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386

3. Description:

The flash-plugin package contains a Firefox-compatible Adobe Flash Player
Web browser plug-in.

Multiple input validation flaws were found in the way Flash Player
displayed certain SWF (Shockwave Flash) content. An attacker could use
these flaws to create a specially-crafted SWF file that could cause
flash-plugin to crash, or, possibly, execute arbitrary code when the victim
loaded a page containing the specially-crafted SWF content. (CVE-2009-0520,
CVE-2009-0519)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 9.0.159.0.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

487141 - CVE-2009-0519 flash-plugin: Input validation flaw (DoS)
487142 - CVE-2009-0520 flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
flash-plugin-9.0.159.0-1.el3.with.oss.i386.rpm

Red Hat Desktop version 3 Extras:

i386:
flash-plugin-9.0.159.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
flash-plugin-9.0.159.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
flash-plugin-9.0.159.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
flash-plugin-9.0.159.0-1.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
flash-plugin-9.0.159.0-1.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
flash-plugin-9.0.159.0-1.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
flash-plugin-9.0.159.0-1.el4.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0520
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb09-01.html
http://www.adobe.com/products/flashplayer/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJpdw0XlSAg2UNWIIRApxFAJ0eQA6G6c8ZVO8ocuKT0G p5mnOMwwCgtn3D
OIrsYZT9hVUnhPh9leHQtc0=
=dNzf
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

12-09-2009 03:31 PM

Critical: flash-plugin security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2009:1657-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1657.html
Issue date: 2009-12-09
CVE Names: CVE-2009-3794 CVE-2009-3796 CVE-2009-3797
CVE-2009-3798 CVE-2009-3799 CVE-2009-3800
================================================== ===================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

Multiple security flaws were found in the way Flash Player displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
possibly, execute arbitrary code when the victim loaded a page containing
the specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,
CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.0.42.34.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

543857 - flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)

6. Package List:

RHEL Desktop Supplementary (v. 5 client):

i386:
flash-plugin-10.0.42.34-1.el5.i386.rpm

x86_64:
flash-plugin-10.0.42.34-1.el5.i386.rpm

RHEL Supplementary (v. 5 server):

i386:
flash-plugin-10.0.42.34-1.el5.i386.rpm

x86_64:
flash-plugin-10.0.42.34-1.el5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3800
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb09-19.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLH9DpXlSAg2UNWIIRAsQkAKCFZm4pGqEI5SItuhVarI iwnjUevACgiwuC
TW3M79YeyspEscv8LFIugHE=
=6u/d
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

12-09-2009 03:32 PM

Critical: flash-plugin security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2009:1658-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1658.html
Issue date: 2009-12-09
CVE Names: CVE-2009-3794 CVE-2009-3796 CVE-2009-3798
CVE-2009-3799 CVE-2009-3800
================================================== ===================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 3 Extras and 4 Extras.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 Extras - i386
Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

Multiple security flaws were found in the way Flash Player displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
possibly, execute arbitrary code when the victim loaded a page containing
the specially-crafted SWF content. (CVE-2009-3794, CVE-2009-3796,
CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 9.0.260.0.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

543857 - flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
flash-plugin-9.0.260.0-1.el3.with.oss.i386.rpm

Red Hat Desktop version 3 Extras:

i386:
flash-plugin-9.0.260.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
flash-plugin-9.0.260.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
flash-plugin-9.0.260.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
flash-plugin-9.0.260.0-1.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
flash-plugin-9.0.260.0-1.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
flash-plugin-9.0.260.0-1.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
flash-plugin-9.0.260.0-1.el4.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3800
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb09-19.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLH9D/XlSAg2UNWIIRAlb5AKC4DVISiRXmGH36zVo/HAmYIVGZFQCdGen1
YbCE13nSy+uAopAemET0yvM=
=SHt6
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

06-11-2010 04:34 PM

Critical: flash-plugin security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2010:0464-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0464.html
Issue date: 2010-06-11
CVE Names: CVE-2008-4546 CVE-2009-3793 CVE-2010-1297
CVE-2010-2160 CVE-2010-2161 CVE-2010-2162
CVE-2010-2163 CVE-2010-2164 CVE-2010-2165
CVE-2010-2166 CVE-2010-2167 CVE-2010-2169
CVE-2010-2170 CVE-2010-2171 CVE-2010-2173
CVE-2010-2174 CVE-2010-2175 CVE-2010-2176
CVE-2010-2177 CVE-2010-2178 CVE-2010-2179
CVE-2010-2180 CVE-2010-2181 CVE-2010-2182
CVE-2010-2183 CVE-2010-2184 CVE-2010-2185
CVE-2010-2186 CVE-2010-2187 CVE-2010-2188
================================================== ===================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security pages APSA10-01 and
APSB10-14, listed in the References section.

Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,
CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,
CVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)

An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)

A denial of service flaw was found in the way flash-plugin processed
certain SWF content. An attacker could use this flaw to create a
specially-crafted SWF file that would cause flash-plugin to crash.
(CVE-2008-4546)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.1.53.64.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

467082 - CVE-2008-4546 flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL
600692 - CVE-2010-1297 acroread, flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)
602847 - flash-plugin: multiple security flaws (APSB10-14)

6. Package List:

RHEL Desktop Supplementary (v. 5 client):

i386:
flash-plugin-10.1-2.el5.i386.rpm

x86_64:
flash-plugin-10.1-2.el5.i386.rpm

RHEL Supplementary (v. 5 server):

i386:
flash-plugin-10.1-2.el5.i386.rpm

x86_64:
flash-plugin-10.1-2.el5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-4546.html
https://www.redhat.com/security/data/cve/CVE-2009-3793.html
https://www.redhat.com/security/data/cve/CVE-2010-1297.html
https://www.redhat.com/security/data/cve/CVE-2010-2160.html
https://www.redhat.com/security/data/cve/CVE-2010-2161.html
https://www.redhat.com/security/data/cve/CVE-2010-2162.html
https://www.redhat.com/security/data/cve/CVE-2010-2163.html
https://www.redhat.com/security/data/cve/CVE-2010-2164.html
https://www.redhat.com/security/data/cve/CVE-2010-2165.html
https://www.redhat.com/security/data/cve/CVE-2010-2166.html
https://www.redhat.com/security/data/cve/CVE-2010-2167.html
https://www.redhat.com/security/data/cve/CVE-2010-2169.html
https://www.redhat.com/security/data/cve/CVE-2010-2170.html
https://www.redhat.com/security/data/cve/CVE-2010-2171.html
https://www.redhat.com/security/data/cve/CVE-2010-2173.html
https://www.redhat.com/security/data/cve/CVE-2010-2174.html
https://www.redhat.com/security/data/cve/CVE-2010-2175.html
https://www.redhat.com/security/data/cve/CVE-2010-2176.html
https://www.redhat.com/security/data/cve/CVE-2010-2177.html
https://www.redhat.com/security/data/cve/CVE-2010-2178.html
https://www.redhat.com/security/data/cve/CVE-2010-2179.html
https://www.redhat.com/security/data/cve/CVE-2010-2180.html
https://www.redhat.com/security/data/cve/CVE-2010-2181.html
https://www.redhat.com/security/data/cve/CVE-2010-2182.html
https://www.redhat.com/security/data/cve/CVE-2010-2183.html
https://www.redhat.com/security/data/cve/CVE-2010-2184.html
https://www.redhat.com/security/data/cve/CVE-2010-2185.html
https://www.redhat.com/security/data/cve/CVE-2010-2186.html
https://www.redhat.com/security/data/cve/CVE-2010-2187.html
https://www.redhat.com/security/data/cve/CVE-2010-2188.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://www.adobe.com/support/security/bulletins/apsb10-14.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMEmV+XlSAg2UNWIIRArxxAJkBfl/dOmFRIAqzficWGgtCi5PqyACgvT/Y
v+rUV7NqfnCTSGKYzhRoHiU=
=NS2W
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

06-14-2010 10:37 PM

Critical: flash-plugin security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2010:0470-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0470.html
Issue date: 2010-06-14
CVE Names: CVE-2009-3793 CVE-2010-2160 CVE-2010-2161
CVE-2010-2162 CVE-2010-2163 CVE-2010-2164
CVE-2010-2165 CVE-2010-2166 CVE-2010-2167
CVE-2010-2169 CVE-2010-2170 CVE-2010-2171
CVE-2010-2172 CVE-2010-2173 CVE-2010-2174
CVE-2010-2175 CVE-2010-2176 CVE-2010-2177
CVE-2010-2178 CVE-2010-2179 CVE-2010-2180
CVE-2010-2181 CVE-2010-2182 CVE-2010-2183
CVE-2010-2184 CVE-2010-2185 CVE-2010-2186
CVE-2010-2187 CVE-2010-2188
================================================== ===================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 3 and 4 Extras.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 Extras - i386
Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB10-14,
listed in the References section.

Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,
CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170,
CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)

An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)

All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 9.0.277.0.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

602627 - CVE-2010-2172 flash-plugin: CVE-2010-0187 "possible player crash" affects also v9.x versions of Adobe Flash Player
602847 - flash-plugin: multiple security flaws (APSB10-14)

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
flash-plugin-9.0.277.0-1.el3.with.oss.i386.rpm

Red Hat Desktop version 3 Extras:

i386:
flash-plugin-9.0.277.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
flash-plugin-9.0.277.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
flash-plugin-9.0.277.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
flash-plugin-9.0.277.0-1.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
flash-plugin-9.0.277.0-1.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
flash-plugin-9.0.277.0-1.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
flash-plugin-9.0.277.0-1.el4.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3793.html
https://www.redhat.com/security/data/cve/CVE-2010-2160.html
https://www.redhat.com/security/data/cve/CVE-2010-2161.html
https://www.redhat.com/security/data/cve/CVE-2010-2162.html
https://www.redhat.com/security/data/cve/CVE-2010-2163.html
https://www.redhat.com/security/data/cve/CVE-2010-2164.html
https://www.redhat.com/security/data/cve/CVE-2010-2165.html
https://www.redhat.com/security/data/cve/CVE-2010-2166.html
https://www.redhat.com/security/data/cve/CVE-2010-2167.html
https://www.redhat.com/security/data/cve/CVE-2010-2169.html
https://www.redhat.com/security/data/cve/CVE-2010-2170.html
https://www.redhat.com/security/data/cve/CVE-2010-2171.html
https://www.redhat.com/security/data/cve/CVE-2010-2172.html
https://www.redhat.com/security/data/cve/CVE-2010-2173.html
https://www.redhat.com/security/data/cve/CVE-2010-2174.html
https://www.redhat.com/security/data/cve/CVE-2010-2175.html
https://www.redhat.com/security/data/cve/CVE-2010-2176.html
https://www.redhat.com/security/data/cve/CVE-2010-2177.html
https://www.redhat.com/security/data/cve/CVE-2010-2178.html
https://www.redhat.com/security/data/cve/CVE-2010-2179.html
https://www.redhat.com/security/data/cve/CVE-2010-2180.html
https://www.redhat.com/security/data/cve/CVE-2010-2181.html
https://www.redhat.com/security/data/cve/CVE-2010-2182.html
https://www.redhat.com/security/data/cve/CVE-2010-2183.html
https://www.redhat.com/security/data/cve/CVE-2010-2184.html
https://www.redhat.com/security/data/cve/CVE-2010-2185.html
https://www.redhat.com/security/data/cve/CVE-2010-2186.html
https://www.redhat.com/security/data/cve/CVE-2010-2187.html
https://www.redhat.com/security/data/cve/CVE-2010-2188.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-14.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMFq8gXlSAg2UNWIIRAircAJwKjcvhBnB4LM3/k0QyNr8c1+zjewCgmxH+
kDDBVLqtWLHb/nHS6fGNXqc=
=h16w
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

08-11-2010 08:28 PM

Critical: flash-plugin security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2010:0623-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0623.html
Issue date: 2010-08-11
CVE Names: CVE-2010-0209 CVE-2010-2213 CVE-2010-2214
CVE-2010-2215 CVE-2010-2216
================================================== ===================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB10-16, listed
in the References section.

Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2010-0209,
CVE-2010-2213, CVE-2010-2214, CVE-2010-2216)

A clickjacking flaw was discovered in flash-plugin. A specially-crafted SWF
file could trick a user into unintentionally or mistakenly clicking a link
or a dialog. (CVE-2010-2215)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.1.82.76.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

622947 - CVE-2010-0209 CVE-2010-2213 CVE-2010-2214 CVE-2010-2215 CVE-2010-2216 flash-plugin: multiple security flaws (APSB10-16)

6. Package List:

RHEL Desktop Supplementary (v. 5 client):

i386:
flash-plugin-10.1.82.76-1.el5.i386.rpm

x86_64:
flash-plugin-10.1.82.76-1.el5.i386.rpm

RHEL Supplementary (v. 5 server):

i386:
flash-plugin-10.1.82.76-1.el5.i386.rpm

x86_64:
flash-plugin-10.1.82.76-1.el5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0209.html
https://www.redhat.com/security/data/cve/CVE-2010-2213.html
https://www.redhat.com/security/data/cve/CVE-2010-2214.html
https://www.redhat.com/security/data/cve/CVE-2010-2215.html
https://www.redhat.com/security/data/cve/CVE-2010-2216.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-16.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMYwfgXlSAg2UNWIIRAkPMAKC6Tl/IOmXUlxnkWPiHNvXxxYM7CgCgxXdH
Lz+uZDoiC4fKFdlQUgn3ito=
=0pRs
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

08-11-2010 08:28 PM

Critical: flash-plugin security update
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2010:0624-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0624.html
Issue date: 2010-08-11
CVE Names: CVE-2010-0209 CVE-2010-2213 CVE-2010-2214
CVE-2010-2215 CVE-2010-2216
================================================== ===================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 3 and 4 Extras.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 Extras - i386
Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB10-16, listed
in the References section.

Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2010-0209,
CVE-2010-2213, CVE-2010-2214, CVE-2010-2216)

A clickjacking flaw was discovered in flash-plugin. A specially-crafted SWF
file could trick a user into unintentionally or mistakenly clicking a link
or a dialog. (CVE-2010-2215)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 9.0.280.0.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

622947 - CVE-2010-0209 CVE-2010-2213 CVE-2010-2214 CVE-2010-2215 CVE-2010-2216 flash-plugin: multiple security flaws (APSB10-16)

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
flash-plugin-9.0.280.0-1.el3.with.oss.i386.rpm

Red Hat Desktop version 3 Extras:

i386:
flash-plugin-9.0.280.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
flash-plugin-9.0.280.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
flash-plugin-9.0.280.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
flash-plugin-9.0.280.0-1.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
flash-plugin-9.0.280.0-1.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
flash-plugin-9.0.280.0-1.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
flash-plugin-9.0.280.0-1.el4.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0209.html
https://www.redhat.com/security/data/cve/CVE-2010-2213.html
https://www.redhat.com/security/data/cve/CVE-2010-2214.html
https://www.redhat.com/security/data/cve/CVE-2010-2215.html
https://www.redhat.com/security/data/cve/CVE-2010-2216.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-16.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMYwf5XlSAg2UNWIIRAtARAJ4lsLo3vbzh8PFBe2dI7B/MrfOOkQCgogv+
Q6kRzR/lrB+GDxlURcRr/7w=
=lN9E
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list


All times are GMT. The time now is 04:13 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.