Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Mikle Kolyada <zlogene@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201503-09 ] Adobe Flash Player: Multiple vulnerabilities
Date: Mon, 16 Mar 2015 21:07:23
Message-Id: 550744E7.9020707@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201503-09
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Adobe Flash Player: Multiple vulnerabilities
9 Date: March 16, 2015
10 Bugs: #543112
11 ID: 201503-09
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Adobe Flash Player, the
19 worst of which allows remote attackers to execute arbitrary code.
20
21 Background
22 ==========
23
24 The Adobe Flash Player is a renderer for the SWF file format, which is
25 commonly used to provide interactive websites.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 www-plugins/adobe-flash < 11.2.202.451 >= 11.2.202.451
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in Adobe Flash Player.
39 Please review the CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 A remote attacker could possibly execute arbitrary code with the
45 privileges of the process, cause a Denial of Service condition, or
46 bypass security restrictions.
47
48 Workaround
49 ==========
50
51 There is no known workaround at this time.
52
53 Resolution
54 ==========
55
56 All adobe-flash users should upgrade to the latest version:
57
58 # emerge --sync
59 # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.451"
60
61 References
62 ==========
63
64 [ 1 ] CVE-2015-0332
65 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0332
66 [ 2 ] CVE-2015-0333
67 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0333
68 [ 3 ] CVE-2015-0334
69 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0334
70 [ 4 ] CVE-2015-0335
71 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0335
72 [ 5 ] CVE-2015-0336
73 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0336
74 [ 6 ] CVE-2015-0337
75 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0337
76 [ 7 ] CVE-2015-0338
77 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0338
78 [ 8 ] CVE-2015-0339
79 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0339
80 [ 9 ] CVE-2015-0340
81 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0340
82 [ 10 ] CVE-2015-0341
83 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0341
84 [ 11 ] CVE-2015-0342
85 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0342
86
87 Availability
88 ============
89
90 This GLSA and any updates to it are available for viewing at
91 the Gentoo Security Website:
92
93 https://security.gentoo.org/glsa/201503-09
94
95 Concerns?
96 =========
97
98 Security is a primary focus of Gentoo Linux and ensuring the
99 confidentiality and security of our users' machines is of utmost
100 importance to us. Any security concerns should be addressed to
101 security@g.o or alternatively, you may file a bug at
102 https://bugs.gentoo.org.
103
104 License
105 =======
106
107 Copyright 2015 Gentoo Foundation, Inc; referenced text
108 belongs to its owner(s).
109
110 The contents of this document are licensed under the
111 Creative Commons - Attribution / Share Alike license.
112
113 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups