Public bug reported: Binary package hint: flashplugin-nonfree
An updated version of Adobe Flash Player, that fixes possible arbitrary code execution, is available. Please provide updated packages for flashplugin-nonfree. From: http://www.heise-security.co.uk/news/92520 "While an input validation error could lead to arbitrary code execution in Flash Player 9.0.45.0 and prior versions, insufficient validation of the HTTP Referer in Flash Player 8.0.34.0 and earlier versions might help attackers to execute cross-site scripting attacks. Another security problem related to the Opera and Konqueror browsers exists in Flash Player 7 (version 7.0.70.0) for Linux and Solaris, but Adobe does not provide more detailed information on this issue. The vendor advises users to upgrade to version 9.0.47, but also provides patches for other versions of the software." Corresponding Adobe Security Advisories: http://www.adobe.com/support/security/bulletins/apsb07-12.html ** Affects: flashplugin-nonfree (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** Description changed: Binary package hint: flashplugin-nonfree An updated version of Adobe Flash Player, that fixes possible arbitrary code execution, is available. Please provide updated packages for flashplugin-nonfree. From: http://www.heise-security.co.uk/news/92520 "While an input validation error could lead to arbitrary code execution in Flash Player 9.0.45.0 and prior versions, insufficient validation of the HTTP Referer in Flash Player 8.0.34.0 and earlier versions might help attackers to execute cross-site scripting attacks. Another security problem related to the Opera and Konqueror browsers exists in Flash Player 7 (version 7.0.70.0) for Linux and Solaris, but Adobe does not provide more detailed information on this issue. The vendor advises users to upgrade to version 9.0.47, but also provides patches for other versions of the software." + + Corresponding Adobe Security Advisories: + http://www.adobe.com/support/security/bulletins/apsb07-12.html ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-3456 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-3457 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-2022 -- [flashplugin-nonfree] Arbitrary code execution in Flash Player 9.0.45.0 and prior versions https://bugs.launchpad.net/bugs/125233 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
