Gentoo Archives: gentoo-announce

From: Yury German <blueknight@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201508-01 ] Adobe Flash Player: Multiple vulnerabilities
Date: Sat, 15 Aug 2015 05:00:14
Message-Id: 55CEC6DC.9090100@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201508-01
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Adobe Flash Player: Multiple vulnerabilities
9 Date: August 15, 2015
10 Bugs: #554882, #557342
11 ID: 201508-01
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Adobe Flash Player, the
19 worst of which allows remote attackers to execute arbitrary code.
20
21 Background
22 ==========
23
24 The Adobe Flash Player is a renderer for the SWF file format, which is
25 commonly used to provide interactive websites.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 www-plugins/adobe-flash < 11.2.202.508 >= 11.2.202.508
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in Adobe Flash Player.
39 Please review the CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 A remote attacker could possibly execute arbitrary code with the
45 privileges of the process, cause a Denial of Service condition, obtain
46 sensitive information, or bypass security restrictions.
47
48 Workaround
49 ==========
50
51 There is no known workaround at this time.
52
53 Resolution
54 ==========
55
56 All Adobe Flash Player users should upgrade to the latest version:
57
58 # emerge --sync
59 # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.508"
60
61 References
62 ==========
63
64 [ 1 ] CVE-2015-3107
65 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107
66 [ 2 ] CVE-2015-5122
67 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5122
68 [ 3 ] CVE-2015-5123
69 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5123
70 [ 4 ] CVE-2015-5124
71 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5124
72 [ 5 ] CVE-2015-5125
73 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5125
74 [ 6 ] CVE-2015-5127
75 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5127
76 [ 7 ] CVE-2015-5129
77 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5129
78 [ 8 ] CVE-2015-5130
79 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5130
80 [ 9 ] CVE-2015-5131
81 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5131
82 [ 10 ] CVE-2015-5132
83 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5132
84 [ 11 ] CVE-2015-5133
85 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5133
86 [ 12 ] CVE-2015-5134
87 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5134
88 [ 13 ] CVE-2015-5539
89 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5539
90 [ 14 ] CVE-2015-5540
91 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5540
92 [ 15 ] CVE-2015-5541
93 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5541
94 [ 16 ] CVE-2015-5544
95 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5544
96 [ 17 ] CVE-2015-5545
97 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5545
98 [ 18 ] CVE-2015-5546
99 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5546
100 [ 19 ] CVE-2015-5547
101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5547
102 [ 20 ] CVE-2015-5548
103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5548
104 [ 21 ] CVE-2015-5549
105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5549
106 [ 22 ] CVE-2015-5550
107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5550
108 [ 23 ] CVE-2015-5551
109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5551
110 [ 24 ] CVE-2015-5552
111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5552
112 [ 25 ] CVE-2015-5553
113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5553
114 [ 26 ] CVE-2015-5554
115 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5554
116 [ 27 ] CVE-2015-5555
117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5555
118 [ 28 ] CVE-2015-5556
119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5556
120 [ 29 ] CVE-2015-5557
121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5557
122 [ 30 ] CVE-2015-5558
123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5558
124 [ 31 ] CVE-2015-5559
125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5559
126 [ 32 ] CVE-2015-5560
127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5560
128 [ 33 ] CVE-2015-5561
129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5561
130 [ 34 ] CVE-2015-5562
131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5562
132 [ 35 ] CVE-2015-5563
133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5563
134 [ 36 ] CVE-2015-5564
135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5564
136 [ 37 ] CVE-2015-5965
137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5965
138
139 Availability
140 ============
141
142 This GLSA and any updates to it are available for viewing at
143 the Gentoo Security Website:
144
145 https://security.gentoo.org/glsa/201508-01
146
147 Concerns?
148 =========
149
150 Security is a primary focus of Gentoo Linux and ensuring the
151 confidentiality and security of our users' machines is of utmost
152 importance to us. Any security concerns should be addressed to
153 security@g.o or alternatively, you may file a bug at
154 https://bugs.gentoo.org.
155
156 License
157 =======
158
159 Copyright 2015 Gentoo Foundation, Inc; referenced text
160 belongs to its owner(s).
161
162 The contents of this document are licensed under the
163 Creative Commons - Attribution / Share Alike license.
164
165 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature