Bug 563819 (CVE-2010-0186) - CVE-2010-0186 flash-plugin: unauthorized cross-domain requests (APSB10-06)
Summary: CVE-2010-0186 flash-plugin: unauthorized cross-domain requests (APSB10-06)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2010-0186
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://www.adobe.com/support/security...
Whiteboard:
Depends On: 563863 564230 564231 566092 566093
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-02-11 09:25 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:34 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-03-29 08:59:32 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0102 normal SHIPPED_LIVE Important: flash-plugin security update 2010-02-12 14:24:26 UTC
Red Hat Product Errata RHSA-2010:0103 normal SHIPPED_LIVE Important: flash-plugin security update 2010-02-12 14:24:44 UTC
Red Hat Product Errata RHSA-2010:0114 normal SHIPPED_LIVE Critical: acroread security and bug fix update 2010-02-18 15:48:52 UTC

Description Jan Lieskovsky 2010-02-11 09:25:00 UTC
On Thursday, 2010-02-11, Adobe is planning to release updated
tarballs for Adobe Flash Player of version v10.0.42.34,
adressing two security issues:

1, An unspecified critical vulnerability was found in Adobe Flash
Player (and related products), which could allow an attacker to
subvert the domain sandbox and make unauthorized cross-domain
requests. (CVE-2010-0186).

Credit: Michael Yong Park
Vulnerable versions of Adobe Flash Player: v10.0.42.34 and earlier
Not vulnerable versions of Adobe Flash Player: 10.0.45.2

2, An unspecified vulnerability was found in Adobe Flash Player
(and related products), which could allow an attacker to 
cause denial of service by unspecified vectors. (CVE-2010-0187)

References:
  http://www.adobe.com/support/security/bulletins/apsb10-06.html

Comment 3 Tomas Hoger 2010-02-12 07:58:01 UTC
Public now via Adobe Security Bulletin APSB10-06:
  http://www.adobe.com/support/security/bulletins/apsb10-06.html

Comment 4 Tomas Hoger 2010-02-12 08:00:51 UTC
Adobe Reader 9.x versions embed Flash Player.  Adobe is planning to update Adobe Reader on Feb16:
  http://www.adobe.com/support/security/bulletins/apsb10-07.html

Comment 6 Tomas Hoger 2010-02-12 09:52:16 UTC
CVE-2010-0187 was split to separate bug #564287.

Comment 7 errata-xmlrpc 2010-02-12 14:24:29 UTC
This issue has been addressed in following products:

  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0102 https://rhn.redhat.com/errata/RHSA-2010-0102.html

Comment 8 errata-xmlrpc 2010-02-12 14:24:46 UTC
This issue has been addressed in following products:

  Extras for RHEL 3
  Extras for RHEL 4

Via RHSA-2010:0103 https://rhn.redhat.com/errata/RHSA-2010-0103.html

Comment 10 errata-xmlrpc 2010-02-18 15:48:57 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0114 https://rhn.redhat.com/errata/RHSA-2010-0114.html


Note You need to log in before you can comment on or make changes to this bug.