Flash Player 10.3.183.10 has been pushed to mga1 nonfree/updates_testing.

Advisory:
============
Adobe Flash Player 10.3.183.10 contains fixes to critical security vulnerabilities found in 10.3.183.7 and earlier versions.

Several of the issues can cause a crash and may allow an attacker to take control of the affected system (CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430).

A universal cross-site scripting issue can be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444). This issue is reportedly already being exploited in targeted attacks.

A Flash Player security control bypass issue can lead to information disclosure (CVE-2011-2429).

References:
http://www.adobe.com/support/security/bulletins/apsb11-26.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2444
============

Updated Flash Player 10.3.183.10 packages are in mga1 nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586).
Testing complete on i586. Tested systemsettings/Adobe Flash player, http://www.adobe.com/software/flash/about/ and http://www.youtube.com in both firefox and opera.
CC: (none) => davidwhodgins
I should have noted the srpm is flash-player-plugin-10.3.183.10-1.mga1.nonfree.src.rpm
Tested on 64-bits. Looks ok with firefox.
CC: (none) => olivier.delaune
Update validated. Can someone from the sysadmin team push the srpm flash-player-plugin-10.3.183.10-1.mga1.nonfree.src.rpm from Nonfree Updates Testing to Nonfree Updates.

Advisory:
Adobe Flash Player 10.3.183.10 contains fixes to critical security vulnerabilities found in 10.3.183.7 and earlier versions.

Several of the issues can cause a crash and may allow an attacker to take control of the affected system (CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430).

A universal cross-site scripting issue can be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444). This issue is reportedly already being exploited in targeted attacks.

A Flash Player security control bypass issue can lead to information disclosure (CVE-2011-2429).

References:
http://www.adobe.com/support/security/bulletins/apsb11-26.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2444
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
pushed to updates.
Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED
CC: boklm => (none)