Adobe has released APSB11-21 [1] along with Flash Player 10.3.183.5 to correct a number of critical flaws. The flaws are described as: Critical vulnerabilities have been identified in Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.25 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.183.5. Users of Adobe Flash Player for Android 10.3.185.25 and earlier versions should update to Adobe Flash Player for Android 10.3.186.3. Users of Adobe AIR 2.7 for Windows and Macintosh, should update to 2.7.1 and users of AIR 2.7 for Android should update to Adobe AIR 2.7.1.1961. Note: Adobe is not aware of any exploits 'in the wild' for the issues addressed in this update. This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2130). This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2134). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2135). This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2011-2136). This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2137). This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2011-2138). This update resolves a cross-site information disclosure vulnerability that could lead to code execution (CVE-2011-2139). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2140). This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2414). This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2415). This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2011-2416). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2417). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2425). [1] http://www.adobe.com/support/security/bulletins/apsb11-21.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2011:1144 https://rhn.redhat.com/errata/RHSA-2011-1144.html
External References: http://www.adobe.com/support/security/bulletins/apsb11-21.html
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2424 to the following vulnerability: Name: CVE-2011-2424 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2424 Assigned: 20110606 Reference: http://googleonlinesecurity.blogspot.com/2011/08/fuzzing-at-scale.html Reference: http://twitter.com/taviso/statuses/101046246277521409 Reference: http://twitter.com/taviso/statuses/101046396790128640 Reference: http://blogs.adobe.com/asset/2011/08/how-did-you-get-to-that-number.html Reference: http://www.adobe.com/support/security/bulletins/apsb11-21.html Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures. (This CVE was allocated to cover the "other" stuff).
This issue has been addressed in following products: Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2011:1434 https://rhn.redhat.com/errata/RHSA-2011-1434.html