Test ID:	1.3.6.1.4.1.25623.1.0.68294
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2010:0834
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2010:0834. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB10-26, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654) An input validation flaw was discovered in flash-plugin. Certain server encodings could lead to a bypass of cross-domain policy file restrictions, possibly leading to cross-domain information disclosure. (CVE-2010-3636) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 9.0.289.0. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0834.html http://www.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb10-26.html Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3636 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html BugTraq ID: 44691 http://www.securityfocus.com/bid/44691 http://security.gentoo.org/glsa/glsa-201101-09.xml HPdes Security Advisory: HPSBMA02663 http://marc.info/?l=bugtraq&m=130331642631603&w=2 HPdes Security Advisory: SSRT100428 http://jvn.jp/en/jp/JVN48425028/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913 http://www.redhat.com/support/errata/RHSA-2010-0829.html http://www.redhat.com/support/errata/RHSA-2010-0834.html http://www.redhat.com/support/errata/RHSA-2010-0867.html http://secunia.com/advisories/42183 http://secunia.com/advisories/42926 http://secunia.com/advisories/43026 SuSE Security Announcement: SUSE-SA:2010:055 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html http://www.vupen.com/english/advisories/2010/2903 http://www.vupen.com/english/advisories/2010/2906 http://www.vupen.com/english/advisories/2010/2918 http://www.vupen.com/english/advisories/2011/0173 http://www.vupen.com/english/advisories/2011/0192 Common Vulnerability Exposure (CVE) ID: CVE-2010-3639 BugTraq ID: 44692 http://www.securityfocus.com/bid/44692 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11310 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12625 Common Vulnerability Exposure (CVE) ID: CVE-2010-3640 BugTraq ID: 44675 http://www.securityfocus.com/bid/44675 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12179 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16281 Common Vulnerability Exposure (CVE) ID: CVE-2010-3641 BugTraq ID: 44677 http://www.securityfocus.com/bid/44677 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12154 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16161 Common Vulnerability Exposure (CVE) ID: CVE-2010-3642 BugTraq ID: 44678 http://www.securityfocus.com/bid/44678 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16254 Common Vulnerability Exposure (CVE) ID: CVE-2010-3643 BugTraq ID: 44679 http://www.securityfocus.com/bid/44679 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12151 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16242 Common Vulnerability Exposure (CVE) ID: CVE-2010-3644 BugTraq ID: 44680 http://www.securityfocus.com/bid/44680 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11660 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16220 Common Vulnerability Exposure (CVE) ID: CVE-2010-3645 BugTraq ID: 44681 http://www.securityfocus.com/bid/44681 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11905 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15961 Common Vulnerability Exposure (CVE) ID: CVE-2010-3646 BugTraq ID: 44682 http://www.securityfocus.com/bid/44682 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11922 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16183 Common Vulnerability Exposure (CVE) ID: CVE-2010-3647 BugTraq ID: 44683 http://www.securityfocus.com/bid/44683 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12095 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16160 Common Vulnerability Exposure (CVE) ID: CVE-2010-3648 BugTraq ID: 44684 http://www.securityfocus.com/bid/44684 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11842 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15980 Common Vulnerability Exposure (CVE) ID: CVE-2010-3649 BugTraq ID: 44685 http://www.securityfocus.com/bid/44685 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11872 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15750 Common Vulnerability Exposure (CVE) ID: CVE-2010-3650 BugTraq ID: 44686 http://www.securityfocus.com/bid/44686 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15971 Common Vulnerability Exposure (CVE) ID: CVE-2010-3652 BugTraq ID: 44687 http://www.securityfocus.com/bid/44687 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11965 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15284 Common Vulnerability Exposure (CVE) ID: CVE-2010-3654 BugTraq ID: 44504 http://www.securityfocus.com/bid/44504 CERT/CC vulnerability note: VU#298081 http://www.kb.cert.org/vuls/id/298081 http://security.gentoo.org/glsa/glsa-201101-08.xml http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13294 http://www.redhat.com/support/errata/RHSA-2010-0934.html http://www.securitytracker.com/id?1024659 http://www.securitytracker.com/id?1024660 http://secunia.com/advisories/41917 http://secunia.com/advisories/42030 http://secunia.com/advisories/42401 http://secunia.com/advisories/43025 http://securityreason.com/securityalert/8210 SuSE Security Announcement: SUSE-SA:2010:058 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html TurboLinux Advisory: TLSA-2011-2 http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt http://www.vupen.com/english/advisories/2010/3111 http://www.vupen.com/english/advisories/2011/0191 http://www.vupen.com/english/advisories/2011/0344
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.