514877 – (CVE-2009-1867, CVE-2009-1870) flash-plugin: multiple information disclosure flaws (APSB09-10)

Bug 514877 (CVE-2009-1867, CVE-2009-1870) - flash-plugin: multiple information disclosure flaws (APSB09-10)

Summary: flash-plugin: multiple information disclosure flaws (APSB09-10)

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2009-1867, CVE-2009-1870
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	513373 513374 513375
Blocks:
TreeView+	depends on / blocked

Reported:	2009-07-31 07:49 UTC by Tomas Hoger
Modified:	2022-04-07 12:30 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2009-07-31 14:58:13 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2009:1188	0	normal	SHIPPED_LIVE	Critical: flash-plugin security update	2009-07-31 14:20:56 UTC
Red Hat Product Errata	RHSA-2009:1189	0	normal	SHIPPED_LIVE	Critical: flash-plugin security update	2009-07-31 14:16:59 UTC

Description Tomas Hoger 2009-07-31 07:49:12 UTC

Adobe has released new versions of Adobe Flash Player - 9.0.246.0 and
10.0.32.18 - fixing multiple security issues that can result in information disclosure or trick user to unintentionally click on the link or dialog.  Issues are detailed in the Adobe Security Bulletin APSB09-10:

http://www.adobe.com/support/security/bulletins/apsb09-10.html

Quoting Adobe Security Bulletin:

The update for Adobe Flash Player and Adobe AIR resolves a clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog (CVE-2009-1867).

The update for Adobe Flash Player and Adobe AIR resolves a local sandbox vulnerability that could potentially lead to information disclosure when SWFs are saved to the hard drive (CVE-2009-1870).

Comment 2 errata-xmlrpc 2009-07-31 14:17:07 UTC

This issue has been addressed in following products:

  Extras for RHEL 3
  Extras for RHEL 4

Via RHSA-2009:1189 https://rhn.redhat.com/errata/RHSA-2009-1189.html

Comment 3 errata-xmlrpc 2009-07-31 14:21:03 UTC

This issue has been addressed in following products:

  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1188 https://rhn.redhat.com/errata/RHSA-2009-1188.html

Note You need to log in before you can comment on or make changes to this bug.