A flaw was found in the way Flash Player interprets policy files. It is possible to bypass a non-root domain policy, possibly allowing a malicious site to access data in a different domain.
Public now via upstream security bulletin: http://www.adobe.com/support/security/bulletins/apsb08-20.html Fixed in: 9.0.151.0 and 10.0.12.36
This issue was addressed in: Red Hat Enterprise Linux Extras: http://rhn.redhat.com/errata/RHSA-2008-0945.html http://rhn.redhat.com/errata/RHSA-2008-0980.html