Ubuntu
flashplugin-nonfree package

flashplugin-nonfree update needed due to upstream change(APSB09-01)

Bug #334134 reported by Scott Talbert
272
This bug affects 2 people
Affects Status Importance Assigned to Milestone
flashplugin-nonfree (Ubuntu)
Fix Released
High
Jamie Strandboge
Gutsy
Fix Released
High
Jamie Strandboge
Hardy
Fix Released
High
Jamie Strandboge
Intrepid
Fix Released
High
Jamie Strandboge
Jaunty
Fix Released
High
Jamie Strandboge

Bug Description

Binary package hint: flashplugin-nonfree

Adobe released version 10.0.22.87 of the Flash Player Plugin today. This means that the checksum of the install_flash_player_10_linux.tar.gz has changed and thus flashplugin-nonfree is currently un-installable - the install fails with an md5sum mismatch. Thus, the flashplugin-nonfree should be updated to contain the new md5sum values.

CVE number: CVE-2009-0519, CVE-2009-0520, CVE-2009-0522, CVE-2009-0114, CVE-2009-0521

Advisory summary(from Adobe):
> A potential vulnerability has been identified in Adobe Flash Player 10.0.12.36 and earlier that could allow an attacker
> who successfully exploits this potential vulnerability to take control of the affected system. A malicious SWF must
> be loaded in Flash Player by the user for an attacker to exploit this potential vulnerability. Additional vulnerabilities
> have been addressed in this update. Adobe recommends users update to the most current version of Flash Player
> available for their platform.

Acton Items:

Update flashplugin-nonfree's md5sums to;

- Flash Player 10(Jaunty, Intrepid, Hardy-backports);
=> Update to 10.0.22.87 / Available in upstream(adobe).

- Flash Player 9(Hardy, Gutsy, Dapper-backports);
=> Update to 9.0.159.0 / Available in upstream(adobe).

- Flash Player 7(Dapper)
=> No way, use dapper-backports.

See original description
Revision history for this message
Scott Talbert (swt-techie) wrote :

Attached is a debdiff that I believe resolves the issue. It worked OK for me.

Revision history for this message
Scott Talbert (swt-techie) wrote :

It appears this update includes security fixes as well: http://www.adobe.com/support/security/bulletins/apsb09-01.html

Fumihito YOSHIDA (hito)
description: updated
Mathieu Marquer (slasher-fun)
Changed in flashplugin-nonfree:
status: New → Confirmed
Jamie Strandboge (jdstrand)
Changed in flashplugin-nonfree:
status: New → In Progress
importance: Undecided → High
assignee: nobody → jdstrand
status: New → In Progress
importance: Undecided → High
assignee: nobody → jdstrand
status: New → In Progress
importance: Undecided → High
assignee: nobody → jdstrand
status: Confirmed → In Progress
importance: Undecided → High
assignee: nobody → jdstrand
Jamie Strandboge (jdstrand)
Changed in flashplugin-nonfree:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

flashplugin-nonfree (10.0.22.87ubuntu1) jaunty; urgency=low

  * SECURITY UPDATE: New upstream release 10.0.22.87
    - debian/config, debian/postinst: Updated for sha256sums.
    - CVE-2009-0114
    - CVE-2009-0519
    - CVE-2009-0520
    - CVE-2009-0522
    - CVE-2009-0521

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

flashplugin-nonfree (9.0.159.0ubuntu1~gutsy1) gutsy-security; urgency=low

  * SECURITY UPDATE: New upstream release 9.0.159.0
    - debian/config, debian/postinst: Updated for sha256sums.
    - CVE-2009-0114
    - CVE-2009-0519
    - CVE-2009-0520
    - CVE-2009-0522
    - CVE-2009-0521

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

flashplugin-nonfree (10.0.22.87ubuntu1~intrepid1) intrepid-security; urgency=low

  * SECURITY UPDATE: New upstream release 10.0.22.87
    - debian/config, debian/postinst: Updated for sha256sums.
    - CVE-2009-0114
    - CVE-2009-0519
    - CVE-2009-0520
    - CVE-2009-0522
    - CVE-2009-0521

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

flashplugin-nonfree (9.0.159.0ubuntu1~hardy1) hardy-security; urgency=low

  * SECURITY UPDATE: New upstream release 9.0.159.0
    - debian/config, debian/postinst: Updated for sha256sums.
    - CVE-2009-0114
    - CVE-2009-0519
    - CVE-2009-0520
    - CVE-2009-0522
    - CVE-2009-0521

Changed in flashplugin-nonfree:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.