Red Hat Product Errata RHSA-2008:1047 - Security Advisory
Issued:
2008-12-19
Updated:
2008-12-19

RHSA-2008:1047 - Security Advisory

Synopsis

Critical: flash-plugin security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated Adobe Flash Player package that fixes a security issue is
now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise
Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

The flash-plugin package contains a Firefox-compatible Adobe Flash Player
Web browser plug-in.

A security flaw was found in the way Flash Player displayed certain SWF
(Shockwave Flash) content. This may have made it possible to execute
arbitrary code on a victim's machine, if the victim opened a malicious
Adobe Flash file. (CVE-2008-5499)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.0.15.3 for users of Red Hat Enterprise
Linux 5 Supplementary, and 9.0.152.0 for users of Red Hat Enterprise 3 and
4 Extras.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4ES i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4AS i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 476172 - CVE-2008-5499 flash-plugin: Linux-specific code execution flaw via crafted SWF file

Red Hat Enterprise Linux Server 5

SRPM
x86_64
flash-plugin-10.0.15.3-2.el5.i386.rpm SHA-256: 330326405ea1fa7cb4e2d9957d88b219dac6f1e37fb6b3a24c01c6939788fac4
i386
flash-plugin-10.0.15.3-2.el5.i386.rpm SHA-256: 330326405ea1fa7cb4e2d9957d88b219dac6f1e37fb6b3a24c01c6939788fac4

Red Hat Enterprise Linux Server 4

SRPM
i386

Red Hat Enterprise Linux Server 3

SRPM
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2

SRPM
x86_64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4ES

SRPM
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4AS

SRPM
i386

Red Hat Enterprise Linux Workstation 5

SRPM
x86_64
flash-plugin-10.0.15.3-2.el5.i386.rpm SHA-256: 330326405ea1fa7cb4e2d9957d88b219dac6f1e37fb6b3a24c01c6939788fac4
i386
flash-plugin-10.0.15.3-2.el5.i386.rpm SHA-256: 330326405ea1fa7cb4e2d9957d88b219dac6f1e37fb6b3a24c01c6939788fac4

Red Hat Enterprise Linux Workstation 4

SRPM
i386

Red Hat Enterprise Linux Workstation 3

SRPM
i386

Red Hat Enterprise Linux Desktop 5

SRPM
x86_64
flash-plugin-10.0.15.3-2.el5.i386.rpm SHA-256: 330326405ea1fa7cb4e2d9957d88b219dac6f1e37fb6b3a24c01c6939788fac4
i386
flash-plugin-10.0.15.3-2.el5.i386.rpm SHA-256: 330326405ea1fa7cb4e2d9957d88b219dac6f1e37fb6b3a24c01c6939788fac4

Red Hat Enterprise Linux Desktop 4

SRPM
i386

Red Hat Enterprise Linux Desktop 3

SRPM
i386

Red Hat Enterprise Linux Server from RHUI 5

SRPM
x86_64
flash-plugin-10.0.15.3-2.el5.i386.rpm SHA-256: 330326405ea1fa7cb4e2d9957d88b219dac6f1e37fb6b3a24c01c6939788fac4
i386
flash-plugin-10.0.15.3-2.el5.i386.rpm SHA-256: 330326405ea1fa7cb4e2d9957d88b219dac6f1e37fb6b3a24c01c6939788fac4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.