Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201409-05 ] Adobe Flash Player: Multiple vulnerabilities
Date: Fri, 19 Sep 2014 18:50:03
Message-Id: 541C75D8.5090409@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201409-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Adobe Flash Player: Multiple vulnerabilities
     Date: September 19, 2014
     Bugs: #522448
       ID: 201409-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which allows remote attackers to execute arbitrary code.

Background
==========

The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /    Vulnerable    /          Unaffected
    -------------------------------------------------------------------
  1  www-plugins/adobe-flash     < 11.2.202.406        >= 11.2.202.406

Description
===========

Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process or bypass security restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.406"

References
==========

[  1 ] CVE-2014-0547
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0547
[  2 ] CVE-2014-0548
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0548
[  3 ] CVE-2014-0549
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0549
[  4 ] CVE-2014-0550
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0550
[  5 ] CVE-2014-0551
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0551
[  6 ] CVE-2014-0552
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0552
[  7 ] CVE-2014-0553
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0553
[  8 ] CVE-2014-0554
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0554
[  9 ] CVE-2014-0555
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0555
[ 10 ] CVE-2014-0556
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0556
[ 11 ] CVE-2014-0557
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0557
[ 12 ] CVE-2014-0559
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0559

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201409-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
