Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2008.1042 -- [RedHat] Important: flash-plugin security update 13 November 2008 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Adobe Flash Player Publisher: Red Hat Operating System: Red Hat Linux 4 Red Hat Linux 3 Impact: Provide Misleading Information Access Confidential Data Cross-site Scripting Access Privileged Data Access: Remote/Unauthenticated CVE Names: CVE-2008-4823 CVE-2008-4822 CVE-2008-4821 CVE-2008-4819 CVE-2008-4818 CVE-2008-4503 CVE-2008-4401 CVE-2008-3873 CVE-2007-6243 CVE-2007-4324 Ref: ESB-2008.1028 AA-2008.0213 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2008-0980.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: flash-plugin security update Advisory ID: RHSA-2008:0980-02 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0980.html Issue date: 2008-11-12 CVE Names: CVE-2007-4324 CVE-2007-6243 CVE-2008-3873 CVE-2008-4401 CVE-2008-4503 CVE-2008-4818 CVE-2008-4819 CVE-2008-4823 CVE-2008-4822 CVE-2008-4821 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 3 and 4 Extras. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 Extras - i386 Red Hat Desktop version 3 Extras - i386 Red Hat Enterprise Linux ES version 3 Extras - i386 Red Hat Enterprise Linux WS version 3 Extras - i386 Red Hat Enterprise Linux AS version 4 Extras - i386 Red Hat Desktop version 4 Extras - i386 Red Hat Enterprise Linux ES version 4 Extras - i386 Red Hat Enterprise Linux WS version 4 Extras - i386 3. Description: The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in. A flaw was found in the way Adobe Flash Player wrote content to the clipboard. A malicious SWF (Shockwave Flash) file could populate the clipboard with a URL that could cause the user to accidentally or mistakenly load an attacker-controlled URL. (CVE-2008-3873) A flaw was found with Adobe's ActionScript scripting language which allowed Flash scripts to initiate file uploads and downloads without user interaction. ActionScript's FileReference.browse and FileReference.download method calls can now only be initiated via user interaction, such as through mouse-clicks or key-presses on the keyboard. (CVE-2008-4401) A flaw was found in Adobe Flash Player's display of Settings Manager content. A malicious SWF file could trick the user into unintentionally or mistakenly clicking a link or a dialog which could then give the malicious SWF file permission to access the local machine's camera or microphone. (CVE-2008-4503) Flaws were found in the way Flash Player restricted the interpretation and usage of cross-domain policy files. A remote attacker could use Flash Player to conduct cross-domain and cross-site scripting attacks (CVE-2007-4324, CVE-2007-6243). This update provides enhanced fixes for these issues. Flash Player contains a flaw in the way it interprets HTTP response headers. An attacker could use this flaw to conduct a cross-site scripting attack against the user running Flash Player. (CVE-2008-4818) A flaw was found in the way Flash Player handles the ActionScript attribute. A malicious site could use this flaw to inject arbitrary HTML content, confusing the user running the browser. (CVE-2008-4823) A flaw was found in the way Flash Player interprets policy files. It was possible to bypass a non-root domain policy, possibly allowing a malicious site to access data in a different domain. (CVE-2008-4822) A flaw was found in how Flash Player's jar: protocol handler interacts with Mozilla. A malicious flash application could use this flaw to disclose sensitive information. (CVE-2008-4821) Updated Flash Player also extends mechanisms to help prevent an attacker from executing a DNS rebinding attack. (CVE-2008-4819) All users of Adobe Flash Player should upgrade to this updated package, which contains Flash Player version 9.0.151.0. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 252292 - CVE-2007-4324 Flash movie can determine whether a TCP port is open 440664 - CVE-2007-6243 Flash Player cross-domain and cross-site scripting flaws 465736 - CVE-2008-3873 flash: clipboard hijack attack 466154 - CVE-2008-4401 flash-plugin: upload/download user interaction 466344 - CVE-2008-4503 Adobe Flash Player clickjacking 470116 - CVE-2008-4818 Flash Player XSS 470123 - CVE-2008-4819 Flash Player DNS rebind attack 470128 - CVE-2008-4823 Flash Player HTML injection flaw 470130 - CVE-2008-4822 Flash Player policy file interpretation flaw 470131 - CVE-2008-4821 Flash Player jar: protocol handler 6. Package List: Red Hat Enterprise Linux AS version 3 Extras: i386: flash-plugin-9.0.151.0-1.el3.with.oss.i386.rpm Red Hat Desktop version 3 Extras: i386: flash-plugin-9.0.151.0-1.el3.with.oss.i386.rpm Red Hat Enterprise Linux ES version 3 Extras: i386: flash-plugin-9.0.151.0-1.el3.with.oss.i386.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: flash-plugin-9.0.151.0-1.el3.with.oss.i386.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: flash-plugin-9.0.151.0-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: flash-plugin-9.0.151.0-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: flash-plugin-9.0.151.0-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: flash-plugin-9.0.151.0-1.el4.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3873 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4503 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4818 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4819 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4823 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4822 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4821 http://adobe.com/products/flashplayer http://www.redhat.com/security/updates/classification/#important http://www.adobe.com/support/security/bulletins/apsb08-20.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJGxsiXlSAg2UNWIIRAn/zAJwIaRs4zmeuV6BaP+Dt+WdGrbhmIgCfSwGa JlziCwdugRRIaEmM5qjItCk= =oE/0 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBSRuElih9+71yA2DNAQIE1wP+Pq1pzpqw3cRWgTcKLL2VDKALkg3NXpQB O2eRNiHdKjlZMddELcNkUimDWAS9WGAIR06uaDo0857n7bGAeDihrHbDB+JRjlJ8 tqIbG94bpZwIhKUpXYtZzkvXdvcRjiwH8UGQdAecoRKVDzFhc0+uUU9teJs50UfD IuxfoyNjxrE= =NDBt -----END PGP SIGNATURE-----