
Chuck56 12-12-2009 01:39 PM

Flash Player - Security Bulletin - 10.0.32.18 and earlier
 
Adobe Flash Player Security Bulletin - APSB09-19 - December 8, 2009

Just a heads up for those of us using Flash Player.

http://www.adobe.com/support/securit...apsb09-19.html

Quote:

Affected software: Flash Player 10.0.32.18 and earlier
Recommended player update: 10.0.42.34
Availability: Flash Player Download Center

Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player 10.0.32.18 and earlier versions update to Adobe Flash Player 10.0.42.34. Adobe recommends users of Adobe AIR version 1.5.2 and earlier versions update to Adobe AIR 1.5.3.

This update resolves a vulnerability in the parsing of JPEG data that could potentially lead to code execution (CVE-2009-3794).

This update resolves a data injection vulnerability that could potentially lead to code execution (CVE-2009-3796).

This update resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-3797).

This update resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-3798).

This update resolves an integer overflow vulnerability that could potentially lead to code execution (CVE-2009-3799).

This update resolves multiple crash vulnerabilities that could potentially lead to code execution (CVE-2009-3800).

This update resolves a Windows-only local file name access vulnerability in the Flash Player ActiveX control that could potentially lead to information disclosure (CVE-2009-3951). This updates the previously patched issue, CVE-2008-4820.

FYI - The current plugin and standalone version offered on SlackBuilds appears to be 10.0.32.18 which is affected by this security bulletin.

sahko 12-12-2009 01:47 PM

I notified rworkman about this a couple of days ago and he submitted an update which is already approved. Since I use only x86_64 I don't know which specific release he updated to. I think it is 10.0.42.34 which was available at the time.
FWIW there is also an x86_64 version update as well.

Woodsman 12-12-2009 04:04 PM

For those using the slackbuilds.org script, download the install_flash_player_10_r42_linux.tar.gz source file, edit the version in the slackbuild script, and build a new package. Worked fine for me. :)

The Adobe source file contains only the libflashplayer.so file.

Based upon past practices, the slackbuild for 12.2 probably won't be updated so those using 12.2 will have to manually update the slackbuild script anyway. :)

mRgOBLIN 12-12-2009 05:36 PM

The x86_64 (10.0.42.34) source is here for anyone having trouble finding it.

http://download.macromedia.com/pub/l...6_64.so.tar.gz

hitest 12-12-2009 07:26 PM

Thanks for the heads-up. :) Downloaded the 10.0.42.34 source from Adobe then edited the flash slackbuild script from SBo. Upgrade to 10.0.42.34 went without a hitch on Slackware 13.0.

~sHyLoCk~ 12-12-2009 08:37 PM

See if this works for you, just built them for my machine:

flash-player-plugin-10.0_r42-i386-1_SBo.tgz
flash-player-plugin-10.0_r42-x86_64-1_SBo.tgz

Regards
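
A post-upgrade check, as an added example that is not part of the thread or of the SlackBuilds.org script: it reads the version string from libflashplayer.so and compares it numerically with the 10.0.42.34 release named in the bulletin. It assumes the plugin embeds a string of the form `LNX 10,0,42,34`, and it treats every version below 10.0.42.34 as affected; the function names and the path in the usage line are illustrative.

```shell
#!/bin/sh
# Added example: is an installed Flash plugin older than the APSB09-19 fix?
FIXED_VERSION="10.0.42.34"   # recommended update quoted from the bulletin

# Turn "LNX 10,0,42,34" or "10,0,42,34" into dotted form "10.0.42.34".
normalize_version() {
    printf '%s\n' "$1" | sed -e 's/^LNX *//' -e 's/,/./g'
}

# version_lt A B: succeeds when A < B, comparing the four fields as numbers
# (a plain string comparison would rank 10.0.9.x above 10.0.42.x).
version_lt() {
    a=$(normalize_version "$1"); b=$(normalize_version "$2")
    old_ifs=$IFS; IFS=.
    set -- $a; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}; a4=${4:-0}
    set -- $b; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}; b4=${4:-0}
    IFS=$old_ifs
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3" "$a4:$b4"; do
        x=${pair%%:*}; y=${pair##*:}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not "less than"
}

# Print "affected" for anything below the fixed release, else "fixed".
flash_status() {
    if version_lt "$1" "$FIXED_VERSION"; then echo affected; else echo fixed; fi
}

# Extract the embedded version from the plugin binary.
# Assumption: the file contains a string such as "LNX 10,0,42,34".
plugin_version() {
    v=$(grep -a -o 'LNX [0-9][0-9,]*' "$1" 2>/dev/null | head -n 1)
    [ -n "$v" ] || return 1
    normalize_version "$v"
}

# Usage: sh check_flash.sh /path/to/libflashplayer.so
if [ "$#" -gt 0 ]; then
    v=$(plugin_version "$1") || { echo "no version string found in $1" >&2; exit 2; }
    echo "$1: $v ($(flash_status "$v"))"
fi
```

Run it against the plugin file the package installed; a running browser keeps the old library loaded until it is restarted.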

