Bug 649938 (CVE-2010-3636, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652) - flash-plugin: security bulletin APSB10-26
Summary: flash-plugin: security bulletin APSB10-26
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2010-3636, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://www.adobe.com/support/security...
Whiteboard:
Depends On: 649111 649113 649115
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-11-04 20:42 UTC by Vincent Danen
Modified: 2020-07-01 03:05 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-09-25 16:08:23 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0829 0 normal SHIPPED_LIVE Critical: flash-plugin security update 2010-11-06 00:42:34 UTC
Red Hat Product Errata RHSA-2010:0834 0 normal SHIPPED_LIVE Critical: flash-plugin security update 2010-11-08 16:25:36 UTC
Red Hat Product Errata RHSA-2010:0867 0 normal SHIPPED_LIVE Critical: flash-plugin security update 2010-11-09 19:00:29 UTC

Description Vincent Danen 2010-11-04 20:42:14 UTC
On 2011-11-04 Aboe plans to release an update for Adobe Flash Player, providing 10.1.102.64 and 9.0.289.0 to address multiple security issues allowing code execution.  The flaws are described in the Adobe Security Bulletin ASPB10-26:

http://www.adobe.com/support/security/bulletins/apsb10-26.html

* This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3654).

* This update resolves an input validation issue vulnerability that could lead to a bypass of cross-domain policy file restrictions with certain server encodings (CVE-2010-3636).

* This update resolves a memory corruption vulnerability that could lead to code execution (ActiveX only) (CVE-2010-3637).

* This update resolves an information disclosure vulnerability (Macintosh platform, Safari browser-only) (CVE-2010-3638).

* This update resolves a Denial of Service vulnerability. Arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-3639).

* This update resolves multiple memory corruption vulnerabilities that could lead to code execution: (CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652)

* This update resolves a library-loading vulnerability that could lead to code execution (CVE-2010-3976).

Comment 1 Vincent Danen 2010-11-05 02:47:35 UTC
At this time, there seems to be problems obtaining the updated packages although the advisory is now live.

The Flash Player 9 download link provides the old 9.0.283.0 version as opposed to the newer 9.0.289.0.

As well, the Flash Player 10 download is unversioned (flash version test using http://kb2.adobe.com/cps/155/tn_15507.html shows simply 'LNX' for the version, rather than an appropriate version string), so I am unable to determine if this is the right file.  I've emailed Adobe PSIRT for confirmation of the 10.x and to inquire as to the whereabouts of the 9.x download.

Comment 2 Tomas Hoger 2010-11-05 09:03:28 UTC
(In reply to comment #1)

> The Flash Player 9 download link provides the old 9.0.283.0 version as opposed
> to the newer 9.0.289.0.

Download link still points to old 9.0.283.0 tarball.

> As well, the Flash Player 10 download is unversioned (flash version test using
> http://kb2.adobe.com/cps/155/tn_15507.html shows simply 'LNX' for the version,
> rather than an appropriate version string), so I am unable to determine if this
> is the right file.

Scrolling mouse wheel over that LNX text shows versions.  about:plugins page shows plugin version too.  libflashplayer.so binary can also be grepped for version string:

$ strings libflashplayer.so | grep LNX
LNX 10,1,102,64


(In reply to comment #0)

> * This update resolves a library-loading vulnerability that could lead to code
> execution (CVE-2010-3976).

This may be one of the recent DLL loading issues and hence be platform-specific.  APSB10-26 does not provide further details, Mitre CVE entry links:

Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)
http://www.securityfocus.com/archive/1/513599/30/480/threaded

Comment 3 errata-xmlrpc 2010-11-06 00:42:41 UTC
This issue has been addressed in following products:

  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0829 https://rhn.redhat.com/errata/RHSA-2010-0829.html

Comment 4 errata-xmlrpc 2010-11-08 16:25:43 UTC
This issue has been addressed in following products:

  Extras for RHEL 4

Via RHSA-2010:0834 https://rhn.redhat.com/errata/RHSA-2010-0834.html

Comment 5 errata-xmlrpc 2010-11-10 18:49:28 UTC
This issue has been addressed in following products:

  Extras for Red Hat Enterprise Linux 6

Via RHSA-2010:0867 https://rhn.redhat.com/errata/RHSA-2010-0867.html


Note You need to log in before you can comment on or make changes to this bug.