Sam Morris
2010-Jun-10 11:25 UTC
[Secure-testing-team] Bug#585408: flashplugin-nonfree: Execution of arbitrary code [CVE-2010-1297]
Package: flashplugin-nonfree
Version: 1:2.8
Severity: grave
Tags: security
Justification: user security hole

As described at
<http://www.adobe.com/support/security/advisories/apsa10-01.html>,

A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

This is CVE-2010-1297 and APSA10-01.

-- Package-specific info:
Debian version: squeeze/sid
Architecture: amd64
Package version: 1:2.8
Adobe Flash Player version: LNX 10,0,45,2
MD5 checksums:
4a4561e456612a6751653b58342d53df  /var/cache/flashplugin-nonfree/libflashplayer-10.0.45.2.linux-x86_64.so.tar.gz
57fb976761aac898897e96101ee1a4e0  /usr/lib/flashplugin-nonfree/libflashplayer.so
Alternatives:
flash-mozilla.so - auto mode
 link currently points to /usr/lib/flashplugin-nonfree/libflashplayer.so
/usr/lib/flashplugin-nonfree/libflashplayer.so - priority 50
/usr/lib/gnash/libgnashplugin.so - priority 10
Current 'best' version is '/usr/lib/flashplugin-nonfree/libflashplayer.so'.
lrwxrwxrwx 1 root root 34 Mar 2 15:42 /usr/lib/mozilla/plugins/flash-mozilla.so -> /etc/alternatives/flash-mozilla.so
/usr/lib/mozilla/plugins/flash-mozilla.so: symbolic link to `/etc/alternatives/flash-mozilla.so'
Libraries used by libflashplayer.so:
Packages containing libraries used by libflashplayer.so:
dpkg: /lib64/ld-linux-x86-64.so.2 not found.
libatk1.0-0          1.30.0-1
libc6                2.10.2-9
libcairo2            1.8.10-4
libexpat1            2.0.1-7
libfontconfig1       2.8.0-2.1
libfreetype6         2.3.11-1
libgcc1              1:4.4.4-1
libglib2.0-0         2.24.1-1
libgtk2.0-0          2.20.1-1
libice6              2:1.0.6-1
libnspr4-0d          4.8.4-1
libnss3-1d           3.12.6-2
libpango1.0-0        1.28.0-1
libpcre3             7.8-3
libpixman-1-0        0.16.4-1
libpng12-0           1.2.43-1
libselinux1          2.0.94-1
libsm6               2:1.1.1-1
libstdc++6           4.4.4-1
libuuid1             2.16.2-0
libx11-6             2:1.3.3-3
libxau6              1:1.0.5-2
libxcb-render-util0  0.3.6-1
libxcb-render0       1.6-1
libxcb1              1.6-1
libxcomposite1       1:0.4.1-1
libxcursor1          1:1.1.10-2
libxdamage1          1:1.1.2-1
libxdmcp6            1:1.0.3-2
libxext6             2:1.1.1-3
libxfixes3           1:4.0.4-2
libxi6               2:1.3-4
libxinerama1         2:1.1-3
libxrandr2           2:1.3.0-3
libxrender1          1:0.9.5-2
libxt6               1:1.0.7-1
zlib1g               1:1.2.3.4.dfsg-3

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (530, 'testing'), (520, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages flashplugin-nonfree depends on:
ii  debconf [debconf-2.0]  1.5.32     Debian configuration management sy
ii  gnupg                  1.4.10-4   GNU privacy guard - a free PGP rep
ii  libatk1.0-0            1.30.0-1   The ATK accessibility toolkit
ii  libcairo2              1.8.10-4   The Cairo 2D vector graphics libra
ii  libcurl3-gnutls        7.20.1-2   Multi-protocol file transfer libra
ii  libfontconfig1         2.8.0-2.1  generic font configuration library
ii  libfreetype6           2.3.11-1   FreeType 2 font engine, shared lib
ii  libgcc1                1:4.4.4-1  GCC support library
ii  libglib2.0-0           2.24.1-1   The GLib library of C routines
ii  libgtk2.0-0            2.20.1-1   The GTK+ graphical user interface
ii  libnspr4-0d            4.8.4-1    NetScape Portable Runtime Library
ii  libnss3-1d             3.12.6-2   Network Security Service libraries
ii  libpango1.0-0          1.28.0-1   Layout and rendering of internatio
ii  libstdc++6             4.4.4-1    The GNU Standard C++ Library v3
ii  libx11-6               2:1.3.3-3  X11 client-side library
ii  libxext6               2:1.1.1-3  X11 miscellaneous extension librar
ii  libxt6                 1:1.0.7-1  X11 toolkit intrinsics library
ii  wget                   1.12-2     retrieves files from the web

flashplugin-nonfree recommends no packages.

Versions of packages flashplugin-nonfree suggests:
pn  flashplugin-nonfree-extrasoun  <none>   (no description available)
ii  iceweasel                      3.5.9-3  Web browser based on Firefox
pn  konqueror-nsplugins            <none>   (no description available)
pn  msttcorefonts                  <none>   (no description available)
ii  ttf-dejavu                     2.30-2   Metapackage to pull in ttf-dejavu-
pn  ttf-xfree86-nonfree            <none>   (no description available)
ii  x-ttcidfont-conf               32       TrueType and CID fonts configurati

-- no debconf information