Ubuntu
adobe-flashplugin package

Adobe APSA10-05

Bug #667887 reported by Mark Foster on 2010-10-28

280

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	acroread (Ubuntu)	Invalid	Medium	Brian Thomason
	Hardy	Fix Released	Undecided	Unassigned
	Karmic	Fix Released	Undecided	Unassigned
	Lucid	Fix Released	Undecided	Unassigned
	Maverick	Fix Released	Undecided	Unassigned
	Natty	Invalid	Medium	Brian Thomason
	adobe-flashplugin (Ubuntu)	Invalid	Medium	Brian Thomason
	Hardy	Fix Released	Undecided	Unassigned
	Karmic	Fix Released	Undecided	Unassigned
	Lucid	Fix Released	Undecided	Unassigned
	Maverick	Fix Released	Undecided	Unassigned
	Natty	Invalid	Medium	Brian Thomason
	flashplugin-nonfree (Ubuntu)	Fix Released	Medium	Marc Deslauriers
	Hardy	Fix Released	Undecided	Unassigned
	Karmic	Fix Released	Undecided	Unassigned
	Lucid	Fix Released	Undecided	Unassigned
	Maverick	Fix Released	Undecided	Unassigned
	Natty	Fix Released	Medium	Marc Deslauriers

Bug Description

Binary package hint: adobe-flashplugin

A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code.

CVE-2010-3654
from http://secunia.com/advisories/41917

Related links.
http://www.adobe.com/support/security/advisories/apsa10-05.html
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html

CVE References

2010-3654

Revision history for this message

Mark Foster (fostermarkd) wrote on 2010-10-28:

#1

Package "acroread" is also affected.

Marc Deslauriers (mdeslaur) on 2010-11-04

visibility:	private → public
Changed in adobe-flashplugin (Ubuntu):
status:	New → Confirmed
Changed in flashplugin-nonfree (Ubuntu):
status:	New → Confirmed
Changed in adobe-flashplugin (Ubuntu):
importance:	Undecided → Medium
Changed in flashplugin-nonfree (Ubuntu):
importance:	Undecided → Medium
Changed in acroread (Ubuntu):
status:	New → Confirmed
importance:	Undecided → Medium
assignee:	nobody → Brian Thomason (brian-thomason)
Changed in adobe-flashplugin (Ubuntu):
assignee:	nobody → Brian Thomason (brian-thomason)
Changed in flashplugin-nonfree (Ubuntu):
assignee:	nobody → Marc Deslauriers (mdeslaur)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-11-04:

#2

This bug was fixed in the package flashplugin-nonfree - 10.1.102.64ubuntu1

---------------
flashplugin-nonfree (10.1.102.64ubuntu1) natty; urgency=low

  * SECURITY UPDATE: New upstream release 10.1.102.64 (LP: #667887)
    - debian/config, debian/postinst: Updated sha256sums and path
    - CVE-2010-3654
-- Marc Deslauriers <email address hidden> Thu, 04 Nov 2010 14:38:17 -0400

Changed in flashplugin-nonfree (Ubuntu Natty):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-11-04:

#3

This bug was fixed in the package flashplugin-nonfree - 10.1.102.64ubuntu0.10.10.1

---------------
flashplugin-nonfree (10.1.102.64ubuntu0.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: New upstream release 10.1.102.64 (LP: #667887)
    - debian/config, debian/postinst: Updated sha256sums and path
    - CVE-2010-3654
-- Marc Deslauriers <email address hidden> Thu, 04 Nov 2010 14:47:29 -0400

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-11-04:

#4

This bug was fixed in the package flashplugin-nonfree - 10.1.102.64ubuntu0.10.04.1

---------------
flashplugin-nonfree (10.1.102.64ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: New upstream release 10.1.102.64 (LP: #667887)
    - debian/config, debian/postinst: Updated sha256sums and path
    - CVE-2010-3654
-- Marc Deslauriers <email address hidden> Thu, 04 Nov 2010 14:51:10 -0400

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-11-04:

#5

This bug was fixed in the package flashplugin-nonfree - 10.1.102.64ubuntu0.9.10.1

---------------
flashplugin-nonfree (10.1.102.64ubuntu0.9.10.1) karmic-security; urgency=low

  * SECURITY UPDATE: New upstream release 10.1.102.64 (LP: #667887)
    - debian/config, debian/postinst: Updated sha256sums and path
    - CVE-2010-3654
-- Marc Deslauriers <email address hidden> Thu, 04 Nov 2010 14:52:46 -0400

Changed in flashplugin-nonfree (Ubuntu Karmic):
status:	New → Fix Released
Changed in flashplugin-nonfree (Ubuntu Lucid):
status:	New → Fix Released
Changed in flashplugin-nonfree (Ubuntu Maverick):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-11-05:

#6

This bug was fixed in the package flashplugin-nonfree - 10.0.1.218+really9.0.289.0ubuntu1

---------------
flashplugin-nonfree (10.0.1.218+really9.0.289.0ubuntu1) hardy-security; urgency=low

  * SECURITY UPDATE: New upstream release 9.0.289.0 (LP: #667887)
    - debian/config, debian/postinst: Updated sha256sums and path
    - CVE-2010-3654
-- Marc Deslauriers <email address hidden> Fri, 05 Nov 2010 14:13:37 -0400

Changed in flashplugin-nonfree (Ubuntu Hardy):
status:	New → Fix Released

Revision history for this message

Brian Thomason (brian-thomason) wrote on 2010-12-20:

#7

I apologize for the delay with the acroread update; Adobe did not place it on their usual site for download (just their FTP) so I had to confirm with them that we could indeed release it. Also, I noticed that the plugin version was not updated, but they have assured me the problem is fixed.

Changed in acroread (Ubuntu Maverick):
status:	New → Fix Released
Changed in acroread (Ubuntu Lucid):
status:	New → Fix Released
Changed in acroread (Ubuntu Karmic):
status:	New → Fix Released
Changed in acroread (Ubuntu Hardy):
status:	New → Fix Released
Changed in acroread (Ubuntu Natty):
status:	Confirmed → Invalid
Changed in adobe-flashplugin (Ubuntu Hardy):
status:	New → Fix Released
Changed in adobe-flashplugin (Ubuntu Karmic):
status:	New → Fix Released
Changed in adobe-flashplugin (Ubuntu Lucid):
status:	New → Fix Released
Changed in adobe-flashplugin (Ubuntu Maverick):
status:	New → Fix Released
Changed in adobe-flashplugin (Ubuntu Natty):
status:	Confirmed → Invalid

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicates of this bug

Bug #670119

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.