Bug 649938 - (CVE-2010-3636, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3976) flash-plugin: security bulletin APSB10-26
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: urgent, Severity: urgent
Assigned To: Red Hat Product Security
http://www.adobe.com/support/security...
public=20101104,reported=20101104,sou...
Keywords: Security
Depends On: 649111 649113 649115
Reported: 2010-11-04 16:42 EDT by Vincent Danen
Modified: 2015-08-19 04:59 EDT
Doc Type: Bug Fix
Last Closed: 2012-09-25 12:08:23 EDT


Description Vincent Danen 2010-11-04 16:42:14 EDT
On 2011-11-04 Adobe plans to release an update for Adobe Flash Player, providing 10.1.102.64 and 9.0.289.0 to address multiple security issues allowing code execution.  The flaws are described in the Adobe Security Bulletin APSB10-26:

http://www.adobe.com/support/security/bulletins/apsb10-26.html

* This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3654).

* This update resolves an input validation issue vulnerability that could lead to a bypass of cross-domain policy file restrictions with certain server encodings (CVE-2010-3636).

* This update resolves a memory corruption vulnerability that could lead to code execution (ActiveX only) (CVE-2010-3637).

* This update resolves an information disclosure vulnerability (Macintosh platform, Safari browser-only) (CVE-2010-3638).

* This update resolves a Denial of Service vulnerability. Arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-3639).

* This update resolves multiple memory corruption vulnerabilities that could lead to code execution: (CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652)

* This update resolves a library-loading vulnerability that could lead to code execution (CVE-2010-3976).
Comment 1 Vincent Danen 2010-11-04 22:47:35 EDT
At this time, there seem to be problems obtaining the updated packages although the advisory is now live.

The Flash Player 9 download link provides the old 9.0.283.0 version as opposed to the newer 9.0.289.0.

As well, the Flash Player 10 download is unversioned (flash version test using http://kb2.adobe.com/cps/155/tn_15507.html shows simply 'LNX' for the version, rather than an appropriate version string), so I am unable to determine if this is the right file.  I've emailed Adobe PSIRT for confirmation of the 10.x and to inquire as to the whereabouts of the 9.x download.
Comment 2 Tomas Hoger 2010-11-05 05:03:28 EDT
(In reply to comment #1)

> The Flash Player 9 download link provides the old 9.0.283.0 version as opposed
> to the newer 9.0.289.0.

The download link still points to the old 9.0.283.0 tarball.

> As well, the Flash Player 10 download is unversioned (flash version test using
> http://kb2.adobe.com/cps/155/tn_15507.html shows simply 'LNX' for the version,
> rather than an appropriate version string), so I am unable to determine if this
> is the right file.

Scrolling the mouse wheel over that LNX text shows the versions.  The about:plugins page shows the plugin version too.  The libflashplayer.so binary can also be grepped for the version string:

$ strings libflashplayer.so | grep LNX
LNX 10,1,102,64


(In reply to comment #0)

> * This update resolves a library-loading vulnerability that could lead to code
> execution (CVE-2010-3976).

This may be one of the recent DLL loading issues and hence be platform-specific.  APSB10-26 does not provide further details; the Mitre CVE entry links to:

Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)
http://www.securityfocus.com/archive/1/513599/30/480/threaded
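
The version check from comment 2, extended into a script that compares the embedded `LNX` string against the fixed versions named in the description (10.1.102.64 and 9.0.289.0). This is an added example, not part of the original bug comments; the function names are hypothetical, and it uses `grep -a -o` in place of `strings` so it does not depend on binutils.

```shell
#!/bin/sh
# Added example: compare a Flash plugin's embedded version string with the
# fixed versions from this bug (10.1.102.64 and 9.0.289.0).
# Function names are hypothetical; grep -a -o stands in for strings(1).

# Print the first "LNX a,b,c,d" string in file $1 as a.b.c.d (empty if none).
plugin_version() {
    LC_ALL=C grep -a -o 'LNX [0-9][0-9]*,[0-9][0-9]*,[0-9][0-9]*,[0-9][0-9]*' "$1" |
        head -n 1 | sed 's/^LNX //' | tr ',' '.'
}

# Succeed if dotted version $1 >= $2; both must have the same number of fields.
version_ge() {
    a=$1. b=$2.
    while [ -n "$a" ]; do
        x=${a%%.*} y=${b%%.*}
        a=${a#*.} b=${b#*.}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Print "fixed <ver>", "outdated <ver>" or "unknown" for plugin file $1.
apsb10_26_status() {
    v=$(plugin_version "$1")
    case "$v" in
        10.*) want=10.1.102.64 ;;
        9.*)  want=9.0.289.0 ;;
        *)    echo unknown; return 0 ;;   # other branches are not covered here
    esac
    if version_ge "$v" "$want"; then echo "fixed $v"; else echo "outdated $v"; fi
}

# With a path argument, check that file; otherwise run on constructed bytes.
if [ "$#" -gt 0 ]; then
    apsb10_26_status "$1"
else
    sample=$(mktemp)
    printf 'junk\000LNX 9,0,283,0\000junk' > "$sample"   # constructed, not a real plugin
    apsb10_26_status "$sample"                            # prints: outdated 9.0.283.0
    rm -f "$sample"
fi
```

The comparison is numeric per field, so a version such as 10.1.85.3 is correctly ordered below 10.1.102.64, which a plain string comparison would get wrong.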
Comment 3 errata-xmlrpc 2010-11-05 20:42:41 EDT
This issue has been addressed in the following products:

  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0829 https://rhn.redhat.com/errata/RHSA-2010-0829.html
Comment 4 errata-xmlrpc 2010-11-08 11:25:43 EST
This issue has been addressed in the following products:

  Extras for RHEL 4

Via RHSA-2010:0834 https://rhn.redhat.com/errata/RHSA-2010-0834.html
Comment 5 errata-xmlrpc 2010-11-10 13:49:28 EST
This issue has been addressed in the following products:

  Extras for Red Hat Enterprise Linux 6

Via RHSA-2010:0867 https://rhn.redhat.com/errata/RHSA-2010-0867.html
