Adobe has released new versions of Adobe Flash Player - 9.0.246.0 and 10.0.32.18 - fixing multiple security issues allowing code execution when malicious SWF files were played, detailed in the Adobe Security Bulletin APSB09-10: http://www.adobe.com/support/security/bulletins/apsb09-10.html Quoting Adobe Security Bulletin: The update for Adobe Flash Player and Adobe AIR, Adobe Reader and Acrobat resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-1862). (tracked via separate bug #513362) The update for Adobe Flash Player and Adobe AIR resolves the privilege escalation vulnerability that could potentially lead to code execution (CVE-2009-1863). The update for Adobe Flash Player and Adobe AIR resolves the heap overflow vulnerability that could potentially lead to code execution (CVE-2009-1864). The update for Adobe Flash Player and Adobe AIR resolves the null pointer vulnerability that could potentially lead to code execution (CVE-2009-1865). The update for Adobe Flash Player and Adobe AIR resolves the stack overflow vulnerability that could potentially lead to code execution (CVE-2009-1866). The update for Adobe Flash Player and Adobe AIR resolves the URL parsing heap overflow vulnerability that could potentially lead to code execution (CVE-2009-1868). The update for Adobe Flash Player and Adobe AIR resolves the integer overflow vulnerability that could potentially lead to code execution (CVE-2009-1869).
This issue has been addressed in following products: Extras for RHEL 3 Extras for RHEL 4 Via RHSA-2009:1189 https://rhn.redhat.com/errata/RHSA-2009-1189.html
This issue has been addressed in following products: Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:1188 https://rhn.redhat.com/errata/RHSA-2009-1188.html