[Secure-testing-team] Bug#585408: flashplugin-nonfree: Execution of arbitrary code [CVE-2010-1297]
Sam Morris
sam at robots.org.uk
Thu Jun 10 11:25:29 UTC 2010
Package: flashplugin-nonfree
Version: 1:2.8
Severity: grave
Tags: security
Justification: user security hole
As described at
<http://www.adobe.com/support/security/advisories/apsa10-01.html>,
A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and
earlier versions for Windows, Macintosh, Linux and Solaris operating
systems, and the authplay.dll component that ships with Adobe Reader and
Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This
vulnerability (CVE-2010-1297) could cause a crash and potentially allow
an attacker to take control of the affected system. There are reports
that this vulnerability is being actively exploited in the wild against
both Adobe Flash Player, and Adobe Reader and Acrobat.
This is CVE-2010-1297 and APSA10-01.
-- Package-specific info:
Debian version: squeeze/sid
Architecture: amd64
Package version: 1:2.8
Adobe Flash Player version: LNX 10,0,45,2
MD5 checksums:
4a4561e456612a6751653b58342d53df /var/cache/flashplugin-nonfree/libflashplayer-10.0.45.2.linux-x86_64.so.tar.gz
57fb976761aac898897e96101ee1a4e0 /usr/lib/flashplugin-nonfree/libflashplayer.so
Alternatives:
flash-mozilla.so - auto mode
link currently points to /usr/lib/flashplugin-nonfree/libflashplayer.so
/usr/lib/flashplugin-nonfree/libflashplayer.so - priority 50
/usr/lib/gnash/libgnashplugin.so - priority 10
Current 'best' version is '/usr/lib/flashplugin-nonfree/libflashplayer.so'.
lrwxrwxrwx 1 root root 34 Mar 2 15:42 /usr/lib/mozilla/plugins/flash-mozilla.so -> /etc/alternatives/flash-mozilla.so
/usr/lib/mozilla/plugins/flash-mozilla.so: symbolic link to `/etc/alternatives/flash-mozilla.so'
Libraries used by libflashplayer.so:
linux-vdso.so.1 => (0x00007fff619ff000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f079e0d6000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007f079deba000)
libX11.so.6 => /usr/lib/libX11.so.6 (0x00007f079db7d000)
libXext.so.6 => /usr/lib/libXext.so.6 (0x00007f079d96b000)
libXt.so.6 => /usr/lib/libXt.so.6 (0x00007f079d707000)
libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x00007f079d47f000)
libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x00007f079d24a000)
libgtk-x11-2.0.so.0 => /usr/lib/libgtk-x11-2.0.so.0 (0x00007f079cc2a000)
libgdk-x11-2.0.so.0 => /usr/lib/libgdk-x11-2.0.so.0 (0x00007f079c97c000)
libatk-1.0.so.0 => /usr/lib/libatk-1.0.so.0 (0x00007f079c75b000)
libgdk_pixbuf-2.0.so.0 => /usr/lib/libgdk_pixbuf-2.0.so.0 (0x00007f079c53f000)
libpangocairo-1.0.so.0 => /usr/lib/libpangocairo-1.0.so.0 (0x00007f079c332000)
libpango-1.0.so.0 => /usr/lib/libpango-1.0.so.0 (0x00007f079c0e6000)
libcairo.so.2 => /usr/lib/libcairo.so.2 (0x00007f079be69000)
libgobject-2.0.so.0 => /usr/lib/libgobject-2.0.so.0 (0x00007f079bc21000)
libgmodule-2.0.so.0 => /usr/lib/libgmodule-2.0.so.0 (0x00007f079ba1e000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f079b81a000)
libglib-2.0.so.0 => /lib/libglib-2.0.so.0 (0x00007f079b53d000)
libnss3.so => /usr/lib/libnss3.so (0x00007f079b23a000)
libsmime3.so => /usr/lib/libsmime3.so (0x00007f079b014000)
libssl3.so => /usr/lib/libssl3.so (0x00007f079ade3000)
libplds4.so => /usr/lib/libplds4.so (0x00007f079abe0000)
libplc4.so => /usr/lib/libplc4.so (0x00007f079a9dc000)
libnspr4.so => /usr/lib/libnspr4.so (0x00007f079a79e000)
libm.so.6 => /lib/libm.so.6 (0x00007f079a51c000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00007f079a306000)
libc.so.6 => /lib/libc.so.6 (0x00007f0799fb1000)
/lib64/ld-linux-x86-64.so.2 (0x00007f07a300f000)
libxcb.so.1 => /usr/lib/libxcb.so.1 (0x00007f0799d95000)
libSM.so.6 => /usr/lib/libSM.so.6 (0x00007f0799b8d000)
libICE.so.6 => /usr/lib/libICE.so.6 (0x00007f0799971000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007f079975a000)
libexpat.so.1 => /usr/lib/libexpat.so.1 (0x00007f0799532000)
libXcomposite.so.1 => /usr/lib/libXcomposite.so.1 (0x00007f079932f000)
libXdamage.so.1 => /usr/lib/libXdamage.so.1 (0x00007f079912d000)
libXfixes.so.3 => /usr/lib/libXfixes.so.3 (0x00007f0798f28000)
libgio-2.0.so.0 => /usr/lib/libgio-2.0.so.0 (0x00007f0798c75000)
libpangoft2-1.0.so.0 => /usr/lib/libpangoft2-1.0.so.0 (0x00007f0798a4c000)
libgthread-2.0.so.0 => /usr/lib/libgthread-2.0.so.0 (0x00007f0798848000)
librt.so.1 => /lib/librt.so.1 (0x00007f079863f000)
libXrender.so.1 => /usr/lib/libXrender.so.1 (0x00007f0798435000)
libXinerama.so.1 => /usr/lib/libXinerama.so.1 (0x00007f0798233000)
libXi.so.6 => /usr/lib/libXi.so.6 (0x00007f0798023000)
libXrandr.so.2 => /usr/lib/libXrandr.so.2 (0x00007f0797e1b000)
libXcursor.so.1 => /usr/lib/libXcursor.so.1 (0x00007f0797c11000)
libpixman-1.so.0 => /usr/lib/libpixman-1.so.0 (0x00007f07979b8000)
libpng12.so.0 => /lib/libpng12.so.0 (0x00007f0797792000)
libxcb-render-util.so.0 => /usr/lib/libxcb-render-util.so.0 (0x00007f079758e000)
libxcb-render.so.0 => /usr/lib/libxcb-render.so.0 (0x00007f0797386000)
libpcre.so.3 => /lib/libpcre.so.3 (0x00007f0797157000)
libnssutil3.so.1d => /usr/lib/libnssutil3.so.1d (0x00007f0796f3a000)
libXau.so.6 => /usr/lib/libXau.so.6 (0x00007f0796d37000)
libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x00007f0796b31000)
libuuid.so.1 => /lib/libuuid.so.1 (0x00007f079692d000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00007f0796716000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00007f07964f8000)
Packages containing libraries used by libflashplayer.so:
dpkg: /lib64/ld-linux-x86-64.so.2 not found.
libatk1.0-0 1.30.0-1
libc6 2.10.2-9
libcairo2 1.8.10-4
libexpat1 2.0.1-7
libfontconfig1 2.8.0-2.1
libfreetype6 2.3.11-1
libgcc1 1:4.4.4-1
libglib2.0-0 2.24.1-1
libgtk2.0-0 2.20.1-1
libice6 2:1.0.6-1
libnspr4-0d 4.8.4-1
libnss3-1d 3.12.6-2
libpango1.0-0 1.28.0-1
libpcre3 7.8-3
libpixman-1-0 0.16.4-1
libpng12-0 1.2.43-1
libselinux1 2.0.94-1
libsm6 2:1.1.1-1
libstdc++6 4.4.4-1
libuuid1 2.16.2-0
libx11-6 2:1.3.3-3
libxau6 1:1.0.5-2
libxcb-render-util0 0.3.6-1
libxcb-render0 1.6-1
libxcb1 1.6-1
libxcomposite1 1:0.4.1-1
libxcursor1 1:1.1.10-2
libxdamage1 1:1.1.2-1
libxdmcp6 1:1.0.3-2
libxext6 2:1.1.1-3
libxfixes3 1:4.0.4-2
libxi6 2:1.3-4
libxinerama1 2:1.1-3
libxrandr2 2:1.3.0-3
libxrender1 1:0.9.5-2
libxt6 1:1.0.7-1
zlib1g 1:1.2.3.4.dfsg-3
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (530, 'testing'), (520, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages flashplugin-nonfree depends on:
ii debconf [debconf-2.0] 1.5.32 Debian configuration management sy
ii gnupg 1.4.10-4 GNU privacy guard - a free PGP rep
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libcairo2 1.8.10-4 The Cairo 2D vector graphics libra
ii libcurl3-gnutls 7.20.1-2 Multi-protocol file transfer libra
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.3.11-1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.4.4-1 GCC support library
ii libglib2.0-0 2.24.1-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-1 The GTK+ graphical user interface
ii libnspr4-0d 4.8.4-1 NetScape Portable Runtime Library
ii libnss3-1d 3.12.6-2 Network Security Service libraries
ii libpango1.0-0 1.28.0-1 Layout and rendering of internatio
ii libstdc++6 4.4.4-1 The GNU Standard C++ Library v3
ii libx11-6 2:1.3.3-3 X11 client-side library
ii libxext6 2:1.1.1-3 X11 miscellaneous extension librar
ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library
ii wget 1.12-2 retrieves files from the web
flashplugin-nonfree recommends no packages.
Versions of packages flashplugin-nonfree suggests:
pn flashplugin-nonfree-extrasoun <none> (no description available)
ii iceweasel 3.5.9-3 Web browser based on Firefox
pn konqueror-nsplugins <none> (no description available)
pn msttcorefonts <none> (no description available)
ii ttf-dejavu 2.30-2 Metapackage to pull in ttf-dejavu-
pn ttf-xfree86-nonfree <none> (no description available)
ii x-ttcidfont-conf 32 TrueType and CID fonts configurati
-- no debconf information
More information about the Secure-testing-team
mailing list