Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201507-13 ] Adobe Flash Player: Multiple vulnerabilities
Date: Fri, 10 Jul 2015 12:57:27
Message-Id: 559FBFB9.4080508@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201507-13
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Adobe Flash Player: Multiple vulnerabilities
9 Date: July 10, 2015
10 Bugs: #552946, #554220, #554250
11 ID: 201507-13
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Adobe Flash Player, the
19 worst of which allows remote attackers to execute arbitrary code.
20
21 Background
22 ==========
23
24 The Adobe Flash Player is a renderer for the SWF file format, which is
25 commonly used to provide interactive websites.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 www-plugins/adobe-flash < 11.2.202.481 >= 11.2.202.481
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in Adobe Flash Player.
39 Please review the CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 A remote attacker could possibly execute arbitrary code with the
45 privileges of the process, cause a Denial of Service condition, obtain
46 sensitive information, or bypass security restrictions.
47
48 Workaround
49 ==========
50
51 There is no known workaround at this time.
52
53 Resolution
54 ==========
55
56 All Adobe Flash Player users should upgrade to the latest version:
57
58 # emerge --sync
59 # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.481"
60
61 References
62 ==========
63
64 [ 1 ] CVE-2014-0578
65 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0578
66 [ 2 ] CVE-2015-3113
67 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3113
68 [ 3 ] CVE-2015-3114
69 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3114
70 [ 4 ] CVE-2015-3115
71 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3115
72 [ 5 ] CVE-2015-3116
73 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3116
74 [ 6 ] CVE-2015-3117
75 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3117
76 [ 7 ] CVE-2015-3118
77 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3118
78 [ 8 ] CVE-2015-3119
79 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3119
80 [ 9 ] CVE-2015-3120
81 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3120
82 [ 10 ] CVE-2015-3121
83 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3121
84 [ 11 ] CVE-2015-3122
85 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3122
86 [ 12 ] CVE-2015-3123
87 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3123
88 [ 13 ] CVE-2015-3124
89 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3124
90 [ 14 ] CVE-2015-3125
91 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3125
92 [ 15 ] CVE-2015-3126
93 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3126
94 [ 16 ] CVE-2015-3127
95 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3127
96 [ 17 ] CVE-2015-3128
97 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3128
98 [ 18 ] CVE-2015-3129
99 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3129
100 [ 19 ] CVE-2015-3130
101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3130
102 [ 20 ] CVE-2015-3131
103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3131
104 [ 21 ] CVE-2015-3132
105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3132
106 [ 22 ] CVE-2015-3133
107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3133
108 [ 23 ] CVE-2015-3134
109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3134
110 [ 24 ] CVE-2015-3135
111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3135
112 [ 25 ] CVE-2015-3136
113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3136
114 [ 26 ] CVE-2015-3137
115 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3137
116 [ 27 ] CVE-2015-4428
117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4428
118 [ 28 ] CVE-2015-4429
119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4429
120 [ 29 ] CVE-2015-4430
121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4430
122 [ 30 ] CVE-2015-4431
123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4431
124 [ 31 ] CVE-2015-4432
125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4432
126 [ 32 ] CVE-2015-4433
127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4433
128 [ 33 ] CVE-2015-5116
129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5116
130 [ 34 ] CVE-2015-5117
131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5117
132 [ 35 ] CVE-2015-5118
133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5118
134 [ 36 ] CVE-2015-5119
135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5119
136
137 Availability
138 ============
139
140 This GLSA and any updates to it are available for viewing at
141 the Gentoo Security Website:
142
143 https://security.gentoo.org/glsa/201507-13
144
145 Concerns?
146 =========
147
148 Security is a primary focus of Gentoo Linux and ensuring the
149 confidentiality and security of our users' machines is of utmost
150 importance to us. Any security concerns should be addressed to
151 security@g.o or alternatively, you may file a bug at
152 https://bugs.gentoo.org.
153
154 License
155 =======
156
157 Copyright 2015 Gentoo Foundation, Inc; referenced text
158 belongs to its owner(s).
159
160 The contents of this document are licensed under the
161 Creative Commons - Attribution / Share Alike license.
162
163 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups