Oval Definition:oval:com.redhat.rhsa:def:20080945
Revision Date:2008-11-18Version:603
Title:RHSA-2008:0945: flash-plugin security update (Critical)
Description:The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in.

  • A flaw was found in the way Adobe Flash Player wrote content to the clipboard. A malicious SWF file could populate the clipboard with a URL that could cause the user to mistakenly load an attacker-controlled URL. (CVE-2008-3873)

  • A flaw was found which allowed Adobe Flash Player's ActionScript to initiate file uploads and downloads without user interaction. FileReference.browse and FileReference.download calls can now only be initiated via user interaction, such as mouse-clicks or key-presses on the keyboard. (CVE-2008-4401)

  • A flaw was found in Adobe Flash Player's display of the Settings Manager content. A malicious SWF file could trick the user into unknowingly clicking a link or dialog. This could then give the malicious SWF file permission to access the local machine's camera or microphone. (CVE-2008-4503)

    Flaws were found in the way Flash Player restricted the interpretation and usage of cross-domain policy files. A remote attacker could use Flash Player to conduct cross-domain and cross-site scripting attacks (CVE-2007-4324, CVE-2007-6243). This update provides enhanced fixes for these issues.

    Adobe Flash Player 10 also includes bug fixes and feature enhancements including:

    improved stability on the Linux platform by fixing a race condition issue in sound output.

    new support for custom filters and effects, native 3D transformation and animation, advanced audio processing, a new, more flexible text engine, and GPU hardware acceleration.

    For more information on new features and enhancements, see the Adobe Flash Player site and the Adobe Labs Release Notes.

    Note: some users may have installed a 3rd-party component, libflashsupport, for older versions of Flash Player. Adobe Flash Player 10 no longer supports libflashsupport. Users are advised to remove libflashsupport if they have it installed.

    All users of Adobe Flash Player should upgrade to this updated package, which contains Flash Player version 10.0.12.36.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2007-4324
    CVE-2007-6243
    CVE-2008-3873
    CVE-2008-4401
    CVE-2008-4503
    CVE-2008-4818
    CVE-2008-4819
    CVE-2008-4821
    CVE-2008-4822
    CVE-2008-4823
    CVE-2008-4824
    CVE-2008-5361
    CVE-2008-5362
    CVE-2008-5363
    RHSA-2008:0945-02
    Platform(s):Supplementary for Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux 5 is installed
  • AND flash-plugin is earlier than 0:10.0.12.36-2.el5
  • AND flash-plugin is signed with Red Hat redhatrelease key
    • BACK