Bug 218973 - CVE-2006-5330 Flash Player HTTP header injection
Summary: CVE-2006-5330 Flash Player HTTP header injection
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: flash-plugin
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Warren Togami
QA Contact:
URL: http://www.adobe.com/support/security...
Whiteboard: source=cve,reported=20061017,impact=m...
Keywords: Security
Depends On:
Blocks:
Reported: 2006-12-08 20:03 UTC by Josh Bressers
Modified: 2007-11-30 22:07 UTC (History)
Clone Of:
Last Closed: 2007-01-09 14:10:15 UTC


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0009 normal SHIPPED_LIVE Moderate: flash-plugin security update 2007-01-09 14:10:13 UTC

Description Josh Bressers 2006-12-08 20:03:46 UTC
Adobe released Flash Player 7.0.69.0 which fixes a flaw that allows a malicious
flash client to modify the headers of an HTTP client request.  This flaw by
itself is not a security issue, but can be leveraged to exploit certain proxy
and web server flaws.

This flaw also affects the flash player shipped in RHEL3.

Comment 1 Josh Bressers 2006-12-11 20:59:43 UTC
This will be RHSA-2006:0756

Comment 3 Warren Togami 2006-12-13 22:11:30 UTC
http://porkchop.redhat.com/brewroot/packages/flash-plugin/7.0.69/
Package is built and ready for testing.

I don't know if it has the correct tag for LACD errata, that part is confusing.

Comment 5 Red Hat Bugzilla 2007-01-09 14:10:15 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0009.html