Bug 1129417 (CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545, CVE-2014-5333)
| Summary: | CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 CVE-2014-5333 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | unspecified | CC: | ed.costello, emhuang, mmelanso, mtilburg, stransky |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | flash-plugin 11.2.202.400 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-08-13 10:16:18 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1129420, 1129421, 1129422, 1129423 | ||
| Bug Blocks: | 1129418 | ||
|
Description
Vincent Danen
2014-08-12 17:40:46 UTC
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1051 https://rhn.redhat.com/errata/RHSA-2014-1051.html Common Vulnerabilities and Exposures assigned an identifier CVE-2014-5333 to the following vulnerability: Name: CVE-2014-5333 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5333 Assigned: 20140818 Reference: http://miki.it/blog/2014/8/15/adobe-really-fixed-rosetta-flash-today/ Reference: http://helpx.adobe.com/security/products/flash-player/apsb14-18.html Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671. (NOTE: we have no way to prove the authenticity of this claim, however MITRE has assigned this CVE and indicates it is due to an incomplete fix for a CVE that was fixed in the prior flash-plugin for Linux, so the assumption that the incomplete fix was in 11.2.202.394 and corrected in 11.2.202.400 (shipped with this erratum) makes sense. It is, however, not noted on Adobe's advisory page, nor is the author of the referenced blog post credited by Adobe on the advisory page.) APSB14-18 has been updated to note: These updates include a new validation check to handle specially crafted SWF content that can bypass restrictions introduced in version 14.0.0.145. The new restrictions in 14.0.0.176 prevent Flash Player from being used for cross-site request forgery attacks on JSONP endpoints (CVE-2014-5333). |