Bug 487142 (CVE-2009-0520)

Summary: CVE-2009-0520 flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: urgent
Priority: urgent
Version: unspecified
CC: benl, kreilly, llim, mjc, mkoci, ohudlick, security-response-team, wtogami
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-02-26 08:19:04 UTC
Bug Depends On: 487287, 487288    

Description Jan Lieskovsky 2009-02-24 14:34:17 UTC
A buffer overflow flaw was found in the Adobe Flash Player for Linux 10.0.12.36
that could allow an attacker to execute arbitrary code on the user's
system when a crafted SWF file was opened by a victim.

Comment 1 Jan Lieskovsky 2009-02-25 10:42:14 UTC
This issue is now public:

http://www.adobe.com/support/security/bulletins/apsb09-01.html

Comment 3 Red Hat Product Security 2009-02-26 08:19:04 UTC
This issue was addressed in:

Red Hat Enterprise Linux Extras:
  http://rhn.redhat.com/errata/RHSA-2009-0332.html
  http://rhn.redhat.com/errata/RHSA-2009-0334.html