[flashplugin-nonfree] Arbitrary code execution in Flash Player 9.0.45.0 and prior versions

Bug #125233 reported by disabled.user on 2007-07-11
266
Affects Status Importance Assigned to Milestone
flashplugin-nonfree (Ubuntu)
Undecided
Unassigned
Feisty
High
John Vivirito

Bug Description

Binary package hint: flashplugin-nonfree

An updated version of Adobe Flash Player, that fixes possible arbitrary code execution, is available. Please provide updated packages for flashplugin-nonfree.

From:
http://www.heise-security.co.uk/news/92520

"While an input validation error could lead to arbitrary code execution in Flash Player 9.0.45.0 and prior versions, insufficient validation of the HTTP Referer in Flash Player 8.0.34.0 and earlier versions might help attackers to execute cross-site scripting attacks. Another security problem related to the Opera and Konqueror browsers exists in Flash Player 7 (version 7.0.70.0) for Linux and Solaris, but Adobe does not provide more detailed information on this issue. The vendor advises users to upgrade to version 9.0.47, but also provides patches for other versions of the software."

Corresponding Adobe Security Advisories:
http://www.adobe.com/support/security/bulletins/apsb07-12.html

description: updated
Daniel T Chen (crimsun) wrote :

flashplugin-nonfree (9.0.48.0.0ubuntu2) gutsy; urgency=low

  * SECURITY UPDATE: Arbitrary code execution due to insufficient input
    validation (LP: #125233)
  * References
    http://www.adobe.com/support/security/bulletins/apsb07-12.html
    CVE-2007-3456, CVE-2007-3457, CVE-2007-2022
  * debian/config: Update install_flash_player_9_linux.tar.gz's md5sum

 -- Daniel T Chen <email address hidden> Fri, 13 Jul 2007 18:20:46 -0400

Changed in flashplugin-nonfree:
status: New → Fix Released

Will there also be updated packages for the stable releases?

Martin Pitt (pitti) wrote :

 flashplugin-nonfree (9.0.48.0.0ubuntu1~7.04.1) feisty-proposed; urgency=low
 .
   * SECURITY UPDATE: Arbitrary code execution due to insufficient input
     validation (LP: #125233)
   * References
     http://www.adobe.com/support/security/bulletins/apsb07-12.html
     CVE-2007-3456, CVE-2007-3457, CVE-2007-2022
   * debian/config: Update install_flash_player_9_linux.tar.gz's md5sum
     (LP: #125986)

Accepted into feisty-proposed.

Changed in flashplugin-nonfree:
assignee: nobody → gnomefreak
importance: Undecided → High
status: New → Fix Committed
John Vivirito (gnomefreak) wrote :

flashplugin-nonfree (9.0.48.0.0ubuntu1~7.04.1) feisty-proposed; urgency=low

  * SECURITY UPDATE: Arbitrary code execution due to insufficient input
    validation (LP: #125233)
  * References
    http://www.adobe.com/support/security/bulletins/apsb07-12.html
    CVE-2007-3456, CVE-2007-3457, CVE-2007-2022
  * debian/config: Update install_flash_player_9_linux.tar.gz's md5sum
    (LP: #125986)

 -- John Vivirito <email address hidden> Sat, 14 Jul 2007 12:49:38 -0400

Changed in flashplugin-nonfree:
status: Fix Committed → Fix Released
Tormod Volden (tormodvolden) wrote :

That is: flashplugin-nonfree does not download the new blob if the old blob from the last installation is there (maybe because they have the same name). Then of course the checksum fails.

I guess it should either look at the timestamps of the blob (and download a new if needed), or just delete the blob after installation.

Tormod Volden (tormodvolden) wrote :

According to https://wiki.ubuntu.com/MOTU/SRU, the Feisty task is committed, not released. There is also no notification posted on the ubuntu-motu mailing list.

Please check that the new package also works for upgrades.

Changed in flashplugin-nonfree:
status: Fix Released → Fix Committed
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers