Gentoo Archives: gentoo-announce

From: Tim Sammut <underling@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 201101-09 ] Adobe Flash Player: Multiple vulnerabilities
Date: Fri, 21 Jan 2011 18:32:07
Message-Id: 4D39BFB3.5000702@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201101-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: January 21, 2011
Bugs: #307749, #322855, #332205, #337204, #343089
ID: 201101-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Adobe Flash Player might allow remote
attackers to execute arbitrary code or cause a Denial of Service.

Background
==========

The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /   Vulnerable    /           Unaffected
    -------------------------------------------------------------------
  1  www-plugins/adobe-flash      < 10.1.102.64         >= 10.1.102.64

Description
===========

Multiple vulnerabilities were discovered in Adobe Flash Player. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.

Impact
======

A remote attacker could entice a user to open a specially crafted SWF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest stable
version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.1.102.64"

References
==========

[ 1 ] APSB10-06
      http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
      http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
      http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
      http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
      http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201101-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
