On Thursday, 2010-02-11, Adobe is planning to release updated tarballs for Adobe Flash Player of version v10.0.42.34, adressing two security issues: 1, An unspecified critical vulnerability was found in Adobe Flash Player (and related products), which could allow an attacker to subvert the domain sandbox and make unauthorized cross-domain requests. (CVE-2010-0186). Credit: Michael Yong Park Vulnerable versions of Adobe Flash Player: v10.0.42.34 and earlier Not vulnerable versions of Adobe Flash Player: 10.0.45.2 2, An unspecified vulnerability was found in Adobe Flash Player (and related products), which could allow an attacker to cause denial of service by unspecified vectors. (CVE-2010-0187) References: http://www.adobe.com/support/security/bulletins/apsb10-06.html
Public now via Adobe Security Bulletin APSB10-06: http://www.adobe.com/support/security/bulletins/apsb10-06.html
Adobe Reader 9.x versions embed Flash Player. Adobe is planning to update Adobe Reader on Feb16: http://www.adobe.com/support/security/bulletins/apsb10-07.html
CVE-2010-0187 was split to separate bug #564287.
This issue has been addressed in following products: Extras for Red Hat Enterprise Linux 5 Via RHSA-2010:0102 https://rhn.redhat.com/errata/RHSA-2010-0102.html
This issue has been addressed in following products: Extras for RHEL 3 Extras for RHEL 4 Via RHSA-2010:0103 https://rhn.redhat.com/errata/RHSA-2010-0103.html
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2010:0114 https://rhn.redhat.com/errata/RHSA-2010-0114.html