flashplugin-nonfree update needed due to upstream change(APSB09-01)

Bug #334134 reported by Scott Talbert on 2009-02-25
272
This bug affects 2 people
Affects Status Importance Assigned to Milestone
flashplugin-nonfree (Ubuntu)
High
Jamie Strandboge
Gutsy
High
Jamie Strandboge
Hardy
High
Jamie Strandboge
Intrepid
High
Jamie Strandboge
Jaunty
High
Jamie Strandboge

Bug Description

Binary package hint: flashplugin-nonfree

Adobe released version 10.0.22.87 of the Flash Player Plugin today. This means that the checksum of the install_flash_player_10_linux.tar.gz has changed and thus flashplugin-nonfree is currently un-installable - the install fails with an md5sum mismatch. Thus, the flashplugin-nonfree should be updated to contain the new md5sum values.

CVE number: CVE-2009-0519, CVE-2009-0520, CVE-2009-0522, CVE-2009-0114, CVE-2009-0521

Advisory summary(from Adobe):
> A potential vulnerability has been identified in Adobe Flash Player 10.0.12.36 and earlier that could allow an attacker
> who successfully exploits this potential vulnerability to take control of the affected system. A malicious SWF must
> be loaded in Flash Player by the user for an attacker to exploit this potential vulnerability. Additional vulnerabilities
> have been addressed in this update. Adobe recommends users update to the most current version of Flash Player
> available for their platform.

Acton Items:

Update flashplugin-nonfree's md5sums to;

- Flash Player 10(Jaunty, Intrepid, Hardy-backports);
=> Update to 10.0.22.87 / Available in upstream(adobe).

- Flash Player 9(Hardy, Gutsy, Dapper-backports);
=> Update to 9.0.159.0 / Available in upstream(adobe).

- Flash Player 7(Dapper)
=> No way, use dapper-backports.

Scott Talbert (swt-techie) wrote :

Attached is a debdiff that I believe resolves the issue. It worked OK for me.

Scott Talbert (swt-techie) wrote :

It appears this update includes security fixes as well: http://www.adobe.com/support/security/bulletins/apsb09-01.html

Fumihito YOSHIDA (hito) on 2009-02-25
description: updated
Changed in flashplugin-nonfree:
status: New → Confirmed
Changed in flashplugin-nonfree:
status: New → In Progress
importance: Undecided → High
assignee: nobody → jdstrand
status: New → In Progress
importance: Undecided → High
assignee: nobody → jdstrand
status: New → In Progress
importance: Undecided → High
assignee: nobody → jdstrand
status: Confirmed → In Progress
importance: Undecided → High
assignee: nobody → jdstrand
Changed in flashplugin-nonfree:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Jamie Strandboge (jdstrand) wrote :

flashplugin-nonfree (10.0.22.87ubuntu1) jaunty; urgency=low

  * SECURITY UPDATE: New upstream release 10.0.22.87
    - debian/config, debian/postinst: Updated for sha256sums.
    - CVE-2009-0114
    - CVE-2009-0519
    - CVE-2009-0520
    - CVE-2009-0522
    - CVE-2009-0521

Jamie Strandboge (jdstrand) wrote :

flashplugin-nonfree (9.0.159.0ubuntu1~gutsy1) gutsy-security; urgency=low

  * SECURITY UPDATE: New upstream release 9.0.159.0
    - debian/config, debian/postinst: Updated for sha256sums.
    - CVE-2009-0114
    - CVE-2009-0519
    - CVE-2009-0520
    - CVE-2009-0522
    - CVE-2009-0521

Jamie Strandboge (jdstrand) wrote :

flashplugin-nonfree (10.0.22.87ubuntu1~intrepid1) intrepid-security; urgency=low

  * SECURITY UPDATE: New upstream release 10.0.22.87
    - debian/config, debian/postinst: Updated for sha256sums.
    - CVE-2009-0114
    - CVE-2009-0519
    - CVE-2009-0520
    - CVE-2009-0522
    - CVE-2009-0521

Jamie Strandboge (jdstrand) wrote :

flashplugin-nonfree (9.0.159.0ubuntu1~hardy1) hardy-security; urgency=low

  * SECURITY UPDATE: New upstream release 9.0.159.0
    - debian/config, debian/postinst: Updated for sha256sums.
    - CVE-2009-0114
    - CVE-2009-0519
    - CVE-2009-0520
    - CVE-2009-0522
    - CVE-2009-0521

Changed in flashplugin-nonfree:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers