RHEL 5 : flash-plugin (RHSA-2010:0102)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated Adobe Flash Player package that fixes two security issues
is now available for Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The flash-plugin package contains a Mozilla Firefox compatible Adobe
Flash Player web browser plug-in.

This update fixes two vulnerabilities in Adobe Flash Player. These
vulnerabilities are summarized on the Adobe Security Advisory
APSB10-06 page listed in the References section. If a victim loaded a
web page containing specially crafted SWF content, it could cause
Flash Player to perform unauthorized cross-domain requests, leading to
the disclosure of sensitive data. (CVE-2010-0186, CVE-2010-0187)

All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 10.0.45.2.

See also :

https://www.redhat.com/security/data/cve/CVE-2010-0186.html
https://www.redhat.com/security/data/cve/CVE-2010-0187.html
http://www.adobe.com/support/security/bulletins/apsb10-06.html
http://rhn.redhat.com/errata/RHSA-2010-0102.html

Solution :

Update the affected flash-plugin package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 63917 ()

Bugtraq ID: 38198
38200

CVE ID: CVE-2010-0186
CVE-2010-0187