LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
Reload this Page Flash Player - Security Bulletin - 10.0.32.18 and earlier
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 12-12-2009, 01:39 PM   #1
Chuck56
Member
 
Registered: Dec 2006
Location: Colorado, USA
Distribution: Slackware
Posts: 930

Rep: Reputation: 479Reputation: 479Reputation: 479Reputation: 479Reputation: 479
Flash Player - Security Bulletin - 10.0.32.18 and earlier

Adobe Flash Player Security Bulletin - APSB09-19 - December 8, 2009

Just a heads up for those of us using Flash Player.

http://www.adobe.com/support/securit...apsb09-19.html

Quote:
Affected software: Flash Player 10.0.32.18 and earlier
Recommended player update: 10.0.42.34
Availability: Flash Player Download Center

Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player 10.0.32.18 and earlier versions update to Adobe Flash Player 10.0.42.34. Adobe recommends users of Adobe AIR version 1.5.2 and earlier versions update to Adobe AIR 1.5.3.

This update resolves a vulnerability in the parsing of JPEG data that could potentially lead to code execution (CVE-2009-3794).

This update resolves a data injection vulnerability that could potentially lead to code execution (CVE-2009-3796).

This update resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-3797).

This update resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-3798).

This update resolves an integer overflow vulnerability that could potentially lead to code execution (CVE-2009-3799).

This update resolves multiple crash vulnerabilities that could potentially lead to code execution (CVE-2009-3800).

This update resolves a Windows-only local file name access vulnerability in the Flash Player ActiveX control that could potentially lead to information disclosure (CVE-2009-3951). This updates the previously patched issue, CVE-2008-4820.
FYI - The current plugin and stanalone version offered on SlackBuilds appears to be 10.0.32.18 which is affected by this security bulletin.
 
Old 12-12-2009, 01:47 PM   #2
sahko
Senior Member
 
Registered: Sep 2008
Distribution: Slackware
Posts: 1,041

Rep: Reputation: Disabled
I notified rworkman about this a couple of days ago and he submitted an update which is already approved. Since i use only x86_64 i dont know which specific release he updated to. I think it is 10.0.42.34 which was available at the time.
FWIW there is also a x86_64 version update as well.
Last edited by sahko; 12-12-2009 at 02:10 PM.
 
Old 12-12-2009, 04:04 PM   #3
Woodsman
Senior Member
 
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482

Rep: Reputation: 546Reputation: 546Reputation: 546Reputation: 546Reputation: 546Reputation: 546
For those using the slackbuilds.org script, download the install_flash_player_10_r42_linux.tar.gz source file, edit the version in the slackbuild script, and build a new package. Worked fine for me.

The Adobe source file contains only the libflashplayer.so file.

Based upon past practices, the slackbuild for 12.2 probably won't be updated so those using 12.2 will have to manually update the slackbuild script anyway.
 
Old 12-12-2009, 05:36 PM   #4
mRgOBLIN
Slackware Contributor
 
Registered: Jun 2002
Location: New Zealand
Distribution: Slackware
Posts: 999

Rep: Reputation: 231Reputation: 231Reputation: 231
The x86_64 (10.0.42.34) source is here for anyone having trouble finding it.

http://download.macromedia.com/pub/l...6_64.so.tar.gz
 
Old 12-12-2009, 07:26 PM   #5
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Void, Debian, Slackware, VMs
Posts: 7,342

Rep: Reputation: 3746Reputation: 3746Reputation: 3746Reputation: 3746Reputation: 3746Reputation: 3746Reputation: 3746Reputation: 3746Reputation: 3746Reputation: 3746Reputation: 3746
Thanks for the heads-up. Downloaded the 10.0.42.34 source from adobe then edited the flash slackbuild script from SBo. Upgrade to 10.0.42.34 went without a hitch on Slackware 13.0.
 
Old 12-12-2009, 08:37 PM   #6
~sHyLoCk~
Senior Member
 
Registered: Jul 2008
Location: /dev/null
Posts: 1,173
Blog Entries: 12

Rep: Reputation: 129Reputation: 129
See if this works for you, just built them for my machine:

flash-player-plugin-10.0_r42-i386-1_SBo.tgz
flash-player-plugin-10.0_r42-x86_64-1_SBo.tgz

Regards
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Adobe Updates Flash Player to Fix Huge Security Hole LXer Syndicated Linux News 0 12-19-2008 05:10 PM
flash player Killer Penguin Fedora 1 07-30-2008 03:43 PM
zattoo complains of no flash player installed, but flash is installed TheBrick Linux - Software 8 07-10-2008 07:28 AM
No Real Player Sound after Flash Player hroit Linux - Software 4 01-16-2007 02:05 PM
Flash Player 7 jhwatts Linux - Software 2 11-11-2006 08:55 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 01:57 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration