Bug 470130 (CVE-2008-4822)

Summary:	CVE-2008-4822 Flash Player policy file interpretation flaw
Product:	[Other] Security Response	Reporter:	Josh Bressers <bressers>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED ERRATA	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	CC:	bressers, wtogami
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
URL:	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4822
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2008-12-19 19:32:02 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	466158, 466159
Bug Blocks:

Description Josh Bressers 2008-11-05 21:21:17 UTC

A flaw was found in the way Flash Player interprets policy files. It is
possible to bypass a non-root domain policy, possibly allowing a malicious
site to access data in a different domain.

Comment 1 Tomas Hoger 2008-11-06 08:42:32 UTC

Public now via upstream security bulletin:
  http://www.adobe.com/support/security/bulletins/apsb08-20.html

Fixed in: 9.0.151.0 and 10.0.12.36

Comment 2 Red Hat Product Security 2008-12-19 19:32:02 UTC

This issue was addressed in:

Red Hat Enterprise Linux Extras:
  http://rhn.redhat.com/errata/RHSA-2008-0945.html
  http://rhn.redhat.com/errata/RHSA-2008-0980.html