[flashplugin-nonfree] Arbitrary code execution in Flash Player 9.0.45.0 and prior versions
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
flashplugin-nonfree (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Feisty |
Fix Committed
|
High
|
John Vivirito |
Bug Description
Binary package hint: flashplugin-nonfree
An updated version of Adobe Flash Player, that fixes possible arbitrary code execution, is available. Please provide updated packages for flashplugin-
From:
http://
"While an input validation error could lead to arbitrary code execution in Flash Player 9.0.45.0 and prior versions, insufficient validation of the HTTP Referer in Flash Player 8.0.34.0 and earlier versions might help attackers to execute cross-site scripting attacks. Another security problem related to the Opera and Konqueror browsers exists in Flash Player 7 (version 7.0.70.0) for Linux and Solaris, but Adobe does not provide more detailed information on this issue. The vendor advises users to upgrade to version 9.0.47, but also provides patches for other versions of the software."
Corresponding Adobe Security Advisories:
http://
description: | updated |
flashplugin-nonfree (9.0.48.0.0ubuntu2) gutsy; urgency=low
* SECURITY UPDATE: Arbitrary code execution due to insufficient input www.adobe. com/support/ security/ bulletins/ apsb07- 12.html flash_player_ 9_linux. tar.gz' s md5sum
validation (LP: #125233)
* References
http://
CVE-2007-3456, CVE-2007-3457, CVE-2007-2022
* debian/config: Update install_
-- Daniel T Chen <email address hidden> Fri, 13 Jul 2007 18:20:46 -0400