flash-player: multiple vulnerabilities [LWN.net]

Package(s):

flash-player

CVE #(s):

CVE-2010-3636 CVE-2010-3637 CVE-2010-3638 CVE-2010-3639 CVE-2010-3640 CVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645 CVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650 CVE-2010-3651 CVE-2010-3652 CVE-2010-3654 CVE-2010-3976

Created:

November 5, 2010

Updated:

January 21, 2011

Description:

From the Adobe security advisory:

This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.

From the Adobe security bulletin:

Critical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654 referenced in Security Advisory APSA10-05, could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Alerts:

Gentoo	201101-08	2011-01-21
Gentoo	201101-09	2011-01-21
SUSE	SUSE-SA:2010:058	2010-12-08
openSUSE	openSUSE-SU-2010:1030-1	2010-12-07
Red Hat	RHSA-2010:0934-01	2010-12-01
Red Hat	RHSA-2010:0867-02	2010-11-10
Red Hat	RHSA-2010:0834-01	2010-11-08
Red Hat	RHSA-2010:0829-01	2010-11-05
openSUSE	openSUSE-SU-test-2010:36965-1	2010-11-05
SUSE	SUSE-SA:2010:055	2010-11-05

(Log in to post comments)

flash-player: multiple vulnerabilities

Posted Nov 11, 2010 4:37 UTC (Thu) by JoeBuck (subscriber, #2330) [Link]

Next time Adobe rolls a new release to fix a security bug, I hope that they'll turn certain memcpy calls into memmove calls to deal with that other contentious issue (with the glibc change).