SuSE: 2010-055: flash-player Security Update
Summary
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2010:055
Date: Fri, 05 Nov 2010 10:00:00 +0000
Affected Products: openSUSE 11.1
openSUSE 11.2
openSUSE 11.3
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 11 SP1
Vulnerability Type: remote code execution
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
SUSE Default Package: yes
Cross-References: CVE-2010-3636, CVE-2010-3637, CVE-2010-3638
CVE-2010-3639, CVE-2010-3640, CVE-2010-3641
CVE-2010-3642, CVE-2010-3643, CVE-2010-3644
CVE-2010-3645, CVE-2010-3646, CVE-2010-3647
CVE-2010-3648, CVE-2010-3649, CVE-2010-3650
CVE-2010-3651, CVE-2010-3652, CVE-2010-3654
CVE-2010-3976
Content of This Advisory:
1) Security Vulnerability Resolved:
Adobe Flash player security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Adobe Flash Player was updated to version 10.1.102.64 to fix
a critical security issue.
Adobe has posted advisories on their website:
http://www.adobe.com/support/security/advisories/apsa10-05.html
and also
The following CVE entries were listed as fixed:
CVE-2010-3636 CVE-2010-3637 CVE-2010-3638 CVE-2010-3639
CVE-2010-3640 CVE-2010-3641 CVE-2010-3642 CVE-2010-3643
CVE-2010-3644 CVE-2010-3645 CVE-2010-3646 CVE-2010-3647
CVE-2010-3648 CVE-2010-3649 CVE-2010-3650 CVE-2010-3651
CVE-2010-3652 CVE-2010-3654 CVE-2010-3976
SUSE Linux Enterprise Desktop 11 GA and Service Pack 1, and openSUSE
11.1-11.3 have received updates.
There currently is no updated version available for the Flash Player
version 9 on SUSE Linux Enterprise Desktop 10 Service Pack 3 so far.
It will be released as soon as it is available.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of Flash using Web
browsers after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
"Online Update" module or the "zypper" commandline tool. The package and
patch management stack will detect which updates are required and
automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv
References