Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Red Hat 3, 4 Extras RHSA-2010-0470-01 Critical: Flash-Plugin Threat

Calendar Jun 14, 2010 User Avatar LinuxSecurity Advisories
3 - 6 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory Red Hat critical security issues flash-plugin Adobe Flash
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4 Extras. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2010:0470-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://access.redhat.com/errata/RHSA-2010:0470.html
Issue date:        2010-06-14
CVE Names:         CVE-2009-3793 CVE-2010-2160 CVE-2010-2161 
                   CVE-2010-2162 CVE-2010-2163 CVE-2010-2164 
                   CVE-2010-2165 CVE-2010-2166 CVE-2010-2167 
                   CVE-2010-2169 CVE-2010-2170 CVE-2010-2171 
                   CVE-2010-2172 CVE-2010-2173 CVE-2010-2174 
                   CVE-2010-2175 CVE-2010-2176 CVE-2010-2177 
                   CVE-2010-2178 CVE-2010-2179 CVE-2010-2180 
                   CVE-2010-2181 CVE-2010-2182 CVE-2010-2183 
                   CVE-2010-2184 CVE-2010-2185 CVE-2010-2186 
                   CVE-2010-2187 CVE-2010-2188 
====================================================================
1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 3 and 4 Extras.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 Extras - i386
Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB10-14,
listed in the References section.

Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, 
CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, 
CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, 
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181, 
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, 
CVE-2010-2187, CVE-2010-2188)

An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)

All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 9.0.277.0.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

602627 - CVE-2010-2172 flash-plugin: CVE-2010-0187 "possible player crash" affects also v9.x versions of Adobe Flash Player
602847 - flash-plugin: multiple security flaws (APSB10-14)

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
flash-plugin-9.0.277.0-1.el3.with.oss.i386.rpm

Red Hat Desktop version 3 Extras:

i386:
flash-plugin-9.0.277.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
flash-plugin-9.0.277.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
flash-plugin-9.0.277.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
flash-plugin-9.0.277.0-1.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
flash-plugin-9.0.277.0-1.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
flash-plugin-9.0.277.0-1.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
flash-plugin-9.0.277.0-1.el4.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2009-3793
https://access.redhat.com/security/cve/CVE-2010-2160
https://access.redhat.com/security/cve/CVE-2010-2161
https://access.redhat.com/security/cve/CVE-2010-2162
https://access.redhat.com/security/cve/CVE-2010-2163
https://access.redhat.com/security/cve/CVE-2010-2164
https://access.redhat.com/security/cve/CVE-2010-2165
https://access.redhat.com/security/cve/CVE-2010-2166
https://access.redhat.com/security/cve/CVE-2010-2167
https://access.redhat.com/security/cve/CVE-2010-2169
https://access.redhat.com/security/cve/CVE-2010-2170
https://access.redhat.com/security/cve/CVE-2010-2171
https://access.redhat.com/security/cve/CVE-2010-2172
https://access.redhat.com/security/cve/CVE-2010-2173
https://access.redhat.com/security/cve/CVE-2010-2174
https://access.redhat.com/security/cve/CVE-2010-2175
https://access.redhat.com/security/cve/CVE-2010-2176
https://access.redhat.com/security/cve/CVE-2010-2177
https://access.redhat.com/security/cve/CVE-2010-2178
https://access.redhat.com/security/cve/CVE-2010-2179
https://access.redhat.com/security/cve/CVE-2010-2180
https://access.redhat.com/security/cve/CVE-2010-2181
https://access.redhat.com/security/cve/CVE-2010-2182
https://access.redhat.com/security/cve/CVE-2010-2183
https://access.redhat.com/security/cve/CVE-2010-2184
https://access.redhat.com/security/cve/CVE-2010-2185
https://access.redhat.com/security/cve/CVE-2010-2186
https://access.redhat.com/security/cve/CVE-2010-2187
https://access.redhat.com/security/cve/CVE-2010-2188
https://access.redhat.com/security/updates/classification#critical

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMFq8gXlSAg2UNWIIRAircAJwKjcvhBnB4LM3/k0QyNr8c1+zjewCgmxH+
kDDBVLqtWLHb/nHS6fGNXqc=h16w
-----END PGP SIGNATURE-----


-- 
Enterprise-watch-list mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

Warning: Undefined variable $read_more_reference in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 1198

Red Hat 3, 4 Extras RHSA-2010-0470-01 Critical: Flash-Plugin Threat

red hat
Calendar Grey June 14, 2010
Dist Redhat Esm H88
Urgent security patch released for Flash plugin addresses several vulnerabilities in Red Hat Linux versions 3 and 4 Extras. Essential for all users to apply!
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4 Extras

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

Summary

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB10-14, listed in the References section.
Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-3793, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188)
An input sanitization flaw was found in the way flash-plugin processed certain URLs. An attacker could use this flaw to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2010-2179)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 9.0.277.0.

Topics%20covered

Topics Covered

security advisory Red Hat critical security issues flash-plugin Adobe Flash

References

https://access.redhat.com/security/cve/CVE-2009-3793 https://access.redhat.com/security/cve/CVE-2010-2160 https://access.redhat.com/security/cve/CVE-2010-2161 https://access.redhat.com/security/cve/CVE-2010-2162 https://access.redhat.com/security/cve/CVE-2010-2163 https://access.redhat.com/security/cve/CVE-2010-2164 https://access.redhat.com/security/cve/CVE-2010-2165 https://access.redhat.com/security/cve/CVE-2010-2166 https://access.redhat.com/security/cve/CVE-2010-2167 https://access.redhat.com/security/cve/CVE-2010-2169 https://access.redhat.com/security/cve/CVE-2010-2170 https://access.redhat.com/security/cve/CVE-2010-2171 https://access.redhat.com/security/cve/CVE-2010-2172 https://access.redhat.com/security/cve/CVE-2010-2173 https://access.redhat.com/security/cve/CVE-2010-2174 https://access.redhat.com/security/cve/CVE-2010-2175 https://access.redhat.com/security/cve/CVE-2010-2176 https://access.redhat.com/security/cve/CVE-2010-2177 https://access.redhat.com/security/cve/CVE-2010-2178 https://access.redhat.com/security/cve/CVE-2010-2179 https://access.redhat.com/security/cve/CVE-2010-2180 https://access.redhat.com/security/cve/CVE-2010-2181 https://access.redhat.com/security/cve/CVE-2010-2182 https://access.redhat.com/security/cve/CVE-2010-2183 Read the Full Advisory

Package List

Red Hat Enterprise Linux AS version 3 Extras:
i386: flash-plugin-9.0.277.0-1.el3.with.oss.i386.rpm
Red Hat Desktop version 3 Extras:
i386: flash-plugin-9.0.277.0-1.el3.with.oss.i386.rpm
Red Hat Enterprise Linux ES version 3 Extras:
i386: flash-plugin-9.0.277.0-1.el3.with.oss.i386.rpm
Red Hat Enterprise Linux WS version 3 Extras:
i386: flash-plugin-9.0.277.0-1.el3.with.oss.i386.rpm
Red Hat Enterprise Linux AS version 4 Extras:
i386: flash-plugin-9.0.277.0-1.el4.i386.rpm
Red Hat Desktop version 4 Extras:
i386: flash-plugin-9.0.277.0-1.el4.i386.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: flash-plugin-9.0.277.0-1.el4.i386.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: flash-plugin-9.0.277.0-1.el4.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2010:0470-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://access.redhat.com/errata/RHSA-2010:0470.html
Issue date: 2010-06-14

Topic

An updated Adobe Flash Player package that fixes multiple security issuesis now available for Red Hat Enterprise Linux 3 and 4 Extras.The Red Hat Security Response Team has rated this update as having criticalsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,which give detailed severity ratings, are available for each vulnerabilityfrom the CVE links in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat critical security issues flash-plugin Adobe Flash

Relevant Releases Architectures

Red Hat Desktop version 3 Extras - i386

Red Hat Desktop version 4 Extras - i386

Red Hat Enterprise Linux AS version 3 Extras - i386

Red Hat Enterprise Linux AS version 4 Extras - i386

Red Hat Enterprise Linux ES version 3 Extras - i386

Red Hat Enterprise Linux ES version 4 Extras - i386

Red Hat Enterprise Linux WS version 3 Extras - i386

Red Hat Enterprise Linux WS version 4 Extras - i386

Bugs Fixed

602627 - CVE-2010-2172 flash-plugin: CVE-2010-0187 "possible player crash" affects also v9.x versions of Adobe Flash Player

602847 - flash-plugin: multiple security flaws (APSB10-14)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here