Test ID:	1.3.6.1.4.1.25623.1.0.67545
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2010:0470
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2010:0470. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB10-14, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-3793, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188) An input sanitization flaw was found in the way flash-plugin processed certain URLs. An attacker could use this flaw to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2010-2179) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 9.0.277.0. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0470.html http://www.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb10-14.html Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3793 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html BugTraq ID: 40759 http://www.securityfocus.com/bid/40759 BugTraq ID: 40809 http://www.securityfocus.com/bid/40809 Cert/CC Advisory: TA10-162A http://www.us-cert.gov/cas/techalerts/TA10-162A.html http://security.gentoo.org/glsa/glsa-201101-09.xml HPdes Security Advisory: HPSBMA02547 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 HPdes Security Advisory: SSRT100179 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16223 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7205 http://www.redhat.com/support/errata/RHSA-2010-0464.html http://www.redhat.com/support/errata/RHSA-2010-0470.html http://securitytracker.com/id?1024085 http://securitytracker.com/id?1024086 http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 SuSE Security Announcement: SUSE-SA:2010:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html TurboLinux Advisory: TLSA-2010-19 http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt http://www.vupen.com/english/advisories/2010/1421 http://www.vupen.com/english/advisories/2010/1432 http://www.vupen.com/english/advisories/2010/1434 http://www.vupen.com/english/advisories/2010/1453 http://www.vupen.com/english/advisories/2010/1482 http://www.vupen.com/english/advisories/2010/1522 http://www.vupen.com/english/advisories/2010/1793 http://www.vupen.com/english/advisories/2011/0192 Common Vulnerability Exposure (CVE) ID: CVE-2010-2160 BugTraq ID: 40779 http://www.securityfocus.com/bid/40779 Bugtraq: 20100625 ZDI-10-114: Adobe Flash Player AVM2 getouterscope Opcode Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/512020/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-114 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7508 Common Vulnerability Exposure (CVE) ID: CVE-2010-2161 BugTraq ID: 40781 http://www.securityfocus.com/bid/40781 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=871 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15576 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7303 Common Vulnerability Exposure (CVE) ID: CVE-2010-2162 BugTraq ID: 40801 http://www.securityfocus.com/bid/40801 Bugtraq: 20100616 ZDI-10-109: Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511862/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-109 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16345 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7166 Common Vulnerability Exposure (CVE) ID: CVE-2010-2163 BugTraq ID: 40803 http://www.securityfocus.com/bid/40803 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16316 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7501 Common Vulnerability Exposure (CVE) ID: CVE-2010-2164 BugTraq ID: 40780 http://www.securityfocus.com/bid/40780 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=872 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15798 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6765 Common Vulnerability Exposure (CVE) ID: CVE-2010-2165 BugTraq ID: 40782 http://www.securityfocus.com/bid/40782 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16350 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6781 Common Vulnerability Exposure (CVE) ID: CVE-2010-2166 BugTraq ID: 40783 http://www.securityfocus.com/bid/40783 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15541 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7431 Common Vulnerability Exposure (CVE) ID: CVE-2010-2167 BugTraq ID: 40802 http://www.securityfocus.com/bid/40802 Bugtraq: 20100616 VUPEN Security Research - Adobe Flash Player GIF/JPEG Data Parsing Heap Overflow Vulnerabilities (CVE-2010-2167) (Google Search) http://www.securityfocus.com/archive/1/511847/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15437 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7491 Common Vulnerability Exposure (CVE) ID: CVE-2010-2169 BugTraq ID: 40807 http://www.securityfocus.com/bid/40807 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16225 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7276
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.