LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Pardus alert 2010-120 (flashplugin)



From:
    	      Eren Turkay <eren@pardus.org.tr> 


To:
    	      pardus-security@pardus.org.tr 


Subject:
    	      [Pardus-security] [PLSA 2010-120] Flashplugin: Multiple
	Vulnerabilities 


Date:
    	      Fri,  3 Sep 2010 09:05:39 +0300 (EEST)


Message-ID:
    	      <20100903060539.78D49A7AB8A@lider.pardus.org.tr>


Archive-link:
    	      Article, Thread
              


------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-120           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-09-03
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in flashplugin. 


Description
===========

CVE-2010-2213: 

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe 
AIR before 2.0.3, allows attackers to execute arbitrary code or cause a 
denial  of service  (memory  corruption)  via  unspecified  vectors,  a 
different   vulnerability than   CVE-2010-0209,   CVE-2010-2214,   and  
CVE-2010-2216. 



CVE-2010-2214: 

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe 
AIR before 2.0.3, allows attackers to execute arbitrary code or cause a 
denial  of service  (memory  corruption)  via  unspecified  vectors,  a 
different   vulnerability than   CVE-2010-0209,   CVE-2010-2213,   and  
CVE-2010-2216. 



CVE-2010-2215: 

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe 
AIR before 2.0.3, allows attackers to trick a user into (1) selecting a 
link or (2) completing a dialog, related to a "click-jacking" issue. 



CVE-2010-2216: 

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe 
AIR before 2.0.3, allows attackers to execute arbitrary code or cause a 
denial  of service  (memory  corruption)  via  unspecified  vectors,  a 
different   vulnerability than   CVE-2010-0209,   CVE-2010-2213,   and  
CVE-2010-2214. 



Affected packages:

  Pardus 2009:
    flashplugin, all before 10.1.82.76-27-9


Resolution
==========

There are update(s) for flashplugin. You can update  them  via  Package 
Manager or with a single command from console: 

    pisi up flashplugin

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=14042

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds