Adobe published an advisory:
  [1] http://www.adobe.com/support/security/advisories/apsa10-01.html

detailing information about one critical vulnerability (from [1]):
===================================================================

A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.

Affected versions:
==================

Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris

Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX

Note:
-----

The Flash Player 10.1 Release Candidate available at http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable. Adobe Reader and Acrobat 8.x are confirmed not vulnerable.

Mitigation steps:
=================

* Adobe Flash Player

  The Flash Player 10.1 Release Candidate available at http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable.

* Adobe Reader and Acrobat

  Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

  The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Red Hat Security Response Team statement:
=========================================

The Red Hat Security Response Team is aware and monitoring progress on this flaw, cooperating with Adobe Product Security Incident Response Team and once further information is available regarding availability of updates, will immediately react to ensure this flaw will be addressed in a timely manner.
Adobe has updated mitigation steps for the issue in acroread:
  [1] http://www.adobe.com/support/security/advisories/apsa10-01.html

Adobe Reader - UNIX

1) Go to installation location of Reader (typically a folder named Adobe)
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris)
3) Remove the library named "libauthplay.so.0.0.0"
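
The three UNIX steps from the comment above, as a shell script that reports any remaining copy of the library and can remove it. This is an added example, not part of the original comment or of Adobe's advisory; the install-root argument, the function names and the `--remove` flag are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit and apply the Adobe Reader 9 UNIX mitigation.
# Assumption: the caller passes the Reader install root (the "Adobe" folder).

LIB_NAME="libauthplay.so.0.0.0"

# Print the path of every libauthplay copy under the given install root.
find_authplay() {
    root=$1
    for arch in intellinux intelsolaris; do
        lib="$root/Reader9/Reader/$arch/lib/$LIB_NAME"
        # -e follows symlinks; -L also catches a dangling link of that name
        if [ -e "$lib" ] || [ -L "$lib" ]; then
            printf '%s\n' "$lib"
        fi
    done
}

# Remove each copy found. Returns 0 only if none is left afterwards.
remove_authplay() {
    root=$1
    find_authplay "$root" | while IFS= read -r lib; do
        rm -f -- "$lib" && printf 'removed %s\n' "$lib" >&2
    done
    [ -z "$(find_authplay "$root")" ]
}

# Usage: authplay-check.sh <install-root> [--remove]
if [ "$#" -ge 1 ]; then
    if [ "${2:-}" = "--remove" ]; then
        remove_authplay "$1"
    else
        found=$(find_authplay "$1")
        if [ -n "$found" ]; then
            printf 'still present:\n%s\n' "$found"
        else
            echo "not present: mitigation applied or Reader 9 not installed"
        fi
    fi
fi
```

Without `--remove` the script only reports, so it can be run across hosts to confirm the library is gone before and after the vendor update is installed.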
This issue affects the versions of the flash-plugin package, as shipped with Red Hat Enterprise Linux 3, 4, and 5.
This issue has been addressed in following products:

  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0464 https://rhn.redhat.com/errata/RHSA-2010-0464.html
This issue has been addressed in following products:

  Extras for RHEL 3
  Extras for RHEL 4

Via RHSA-2010:0470 https://rhn.redhat.com/errata/RHSA-2010-0470.html
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0503 https://rhn.redhat.com/errata/RHSA-2010-0503.html