Bug 563819 (CVE-2010-0186)

Summary: CVE-2010-0186 flash-plugin: unauthorized cross-domain requests (APSB10-06)
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: unspecified
CC: kreilly, llim, mkasik, security-response-team, wtogami, zmraz
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
URL: http://www.adobe.com/support/security/bulletins/apsb10-06.html
Doc Type: Bug Fix
Last Closed: 2010-03-29 08:59:32 UTC
Bug Depends On: 563863, 564230, 564231, 566092, 566093

Description Jan Lieskovsky 2010-02-11 09:25:00 UTC
On Thursday, 2010-02-11, Adobe is planning to release updated
tarballs for Adobe Flash Player of version v10.0.42.34,
addressing two security issues:

1, An unspecified critical vulnerability was found in Adobe Flash
Player (and related products), which could allow an attacker to
subvert the domain sandbox and make unauthorized cross-domain
requests. (CVE-2010-0186).

Credit: Michael Yong Park
Vulnerable versions of Adobe Flash Player: v10.0.42.34 and earlier
Not vulnerable versions of Adobe Flash Player: 10.0.45.2

2, An unspecified vulnerability was found in Adobe Flash Player
(and related products), which could allow an attacker to 
cause denial of service by unspecified vectors. (CVE-2010-0187)

References:
  http://www.adobe.com/support/security/bulletins/apsb10-06.html

Comment 3 Tomas Hoger 2010-02-12 07:58:01 UTC
Public now via Adobe Security Bulletin APSB10-06:
  http://www.adobe.com/support/security/bulletins/apsb10-06.html

Comment 4 Tomas Hoger 2010-02-12 08:00:51 UTC
Adobe Reader 9.x versions embed Flash Player. Adobe is planning to update Adobe Reader on Feb 16:
  http://www.adobe.com/support/security/bulletins/apsb10-07.html

Comment 6 Tomas Hoger 2010-02-12 09:52:16 UTC
CVE-2010-0187 was split to separate bug #564287.

Comment 7 errata-xmlrpc 2010-02-12 14:24:29 UTC
This issue has been addressed in following products:

  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0102 https://rhn.redhat.com/errata/RHSA-2010-0102.html

Comment 8 errata-xmlrpc 2010-02-12 14:24:46 UTC
This issue has been addressed in following products:

  Extras for RHEL 3
  Extras for RHEL 4

Via RHSA-2010:0103 https://rhn.redhat.com/errata/RHSA-2010-0103.html

Comment 10 errata-xmlrpc 2010-02-18 15:48:57 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0114 https://rhn.redhat.com/errata/RHSA-2010-0114.html