The flash-plugin package contains a Firefox-compatible Adobe Flash PlayerWeb browser plug-in.Several input validation flaws were found in the way Flash Player displayscertain content. It may be possible to execute arbitrary code on a victim'smachine, if the victim opens a malicious Adobe Flash file. (CVE-2007-4768, CVE-2007-6242, CVE-2007-6246)A flaw was found in the way Flash Player handled the asfunction: protocol.Malformed SWF files could perform a cross-site scripting attack.(CVE-2007-6244)A flaw was found in the way Flash Player modified HTTP request headers.Malicious content could allow Flash Player to conduct a HTTP responsesplitting attack. (CVE-2007-6245)A flaw was found in the way Flash Player processes certain SWF content. Amalicious SWF file could allow a remote attacker to conduct a port scanningattack from the client's machine. (CVE-2007-4324)A flaw was found in the way Flash Player establishes TCP sessions. A remoteattacker could use Flash Player to conduct a DNS rebinding attack.(CVE-2007-5275) Users of Adobe Flash Player are advised to upgrade to this updated package,which contains version 220.127.116.11 and resolves these issues.