[gentoo-announce] [ GLSA 201606-08 ] Adobe Flash Player: Multiple vulnerabilities - gentoo-announce

From:	Kristian Fiskerstrand <k_f@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201606-08 ] Adobe Flash Player: Multiple vulnerabilities
Date:	Sat, 18 Jun 2016 23:51:49
Message-Id:	`ad90ab18-be7c-c9d7-aff2-4a40c4e83748@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201606-08

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: Adobe Flash Player: Multiple vulnerabilities

9

     Date: June 18, 2016

10

     Bugs: #579166, #582670, #586044

11

       ID: 201606-08

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in Adobe Flash Player, the

19

worst of which allows remote attackers to execute arbitrary code.

20

21

Background

22

==========

23

24

The Adobe Flash Player is a renderer for the SWF file format, which is

25

commonly used to provide interactive websites.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package              /     Vulnerable     /            Unaffected

32

    -------------------------------------------------------------------

33

  1  www-plugins/adobe-flash   < 11.2.202.626         >= 11.2.202.626

34

35

Description

36

===========

37

38

Multiple vulnerabilities have been discovered in Adobe Flash Player.

39

Please review the CVE identifiers referenced below for details.

40

41

Impact

42

======

43

44

A remote attacker could possibly execute arbitrary code with the

45

privileges of the process, cause a Denial of Service condition, obtain

46

sensitive information, or bypass security restrictions.

47

48

Workaround

49

==========

50

51

There is no known workaround at this time.

52

53

Resolution

54

==========

55

56

All Adobe Flash Player users should upgrade to the latest version:

57

58

<code>

59

# emerge --sync

60

# emerge --ask --oneshot --verbose

61

"www-plugins/adobe-flash-11.2.202.626"

62

63

References

64

==========

65

66

[  1 ] CVE-2016-1019

67

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019

68

[  2 ] CVE-2016-1019

69

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019

70

[  3 ] CVE-2016-1019

71

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019

72

[  4 ] CVE-2016-4117

73

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117

74

[  5 ] CVE-2016-4117

75

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117

76

[  6 ] CVE-2016-4120

77

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120

78

[  7 ] CVE-2016-4120

79

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120

80

[  8 ] CVE-2016-4120

81

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120

82

[  9 ] CVE-2016-4121

83

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4121

84

[ 10 ] CVE-2016-4160

85

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4160

86

[ 11 ] CVE-2016-4161

87

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4161

88

[ 12 ] CVE-2016-4162

89

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4162

90

[ 13 ] CVE-2016-4163

91

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4163

92

[ 14 ] CVE-2016-4171

93

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171

94

[ 15 ] CVE-2016-4171

95

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171

96

[ 16 ] CVE-2016-4171

97

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171

98

99

Availability

100

============

101

102

This GLSA and any updates to it are available for viewing at

103

the Gentoo Security Website:

104

105

 https://security.gentoo.org/glsa/201606-08

106

107

Concerns?

108

=========

109

110

Security is a primary focus of Gentoo Linux and ensuring the

111

confidentiality and security of our users' machines is of utmost

112

importance to us. Any security concerns should be addressed to

113

security@g.o or alternatively, you may file a bug at

114

https://bugs.gentoo.org.

115

116

License

117

=======

118

119

Copyright 2016 Gentoo Foundation, Inc; referenced text

120

belongs to its owner(s).

121

122

The contents of this document are licensed under the

123

Creative Commons - Attribution / Share Alike license.

124

125

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201606-08
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Adobe Flash Player: Multiple vulnerabilities
9	Date: June 18, 2016
10	Bugs: #579166, #582670, #586044
11	ID: 201606-08
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in Adobe Flash Player, the
19	worst of which allows remote attackers to execute arbitrary code.
20
21	Background
22	==========
23
24	The Adobe Flash Player is a renderer for the SWF file format, which is
25	commonly used to provide interactive websites.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 www-plugins/adobe-flash < 11.2.202.626 >= 11.2.202.626
34
35	Description
36	===========
37
38	Multiple vulnerabilities have been discovered in Adobe Flash Player.
39	Please review the CVE identifiers referenced below for details.
40
41	Impact
42	======
43
44	A remote attacker could possibly execute arbitrary code with the
45	privileges of the process, cause a Denial of Service condition, obtain
46	sensitive information, or bypass security restrictions.
47
48	Workaround
49	==========
50
51	There is no known workaround at this time.
52
53	Resolution
54	==========
55
56	All Adobe Flash Player users should upgrade to the latest version:
57
58	<code>
59	# emerge --sync
60	# emerge --ask --oneshot --verbose
61	"www-plugins/adobe-flash-11.2.202.626"
62
63	References
64	==========
65
66	[ 1 ] CVE-2016-1019
67	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019
68	[ 2 ] CVE-2016-1019
69	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019
70	[ 3 ] CVE-2016-1019
71	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019
72	[ 4 ] CVE-2016-4117
73	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117
74	[ 5 ] CVE-2016-4117
75	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117
76	[ 6 ] CVE-2016-4120
77	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120
78	[ 7 ] CVE-2016-4120
79	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120
80	[ 8 ] CVE-2016-4120
81	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120
82	[ 9 ] CVE-2016-4121
83	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4121
84	[ 10 ] CVE-2016-4160
85	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4160
86	[ 11 ] CVE-2016-4161
87	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4161
88	[ 12 ] CVE-2016-4162
89	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4162
90	[ 13 ] CVE-2016-4163
91	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4163
92	[ 14 ] CVE-2016-4171
93	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171
94	[ 15 ] CVE-2016-4171
95	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171
96	[ 16 ] CVE-2016-4171
97	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171
98
99	Availability
100	============
101
102	This GLSA and any updates to it are available for viewing at
103	the Gentoo Security Website:
104
105	https://security.gentoo.org/glsa/201606-08
106
107	Concerns?
108	=========
109
110	Security is a primary focus of Gentoo Linux and ensuring the
111	confidentiality and security of our users' machines is of utmost
112	importance to us. Any security concerns should be addressed to
113	security@g.o or alternatively, you may file a bug at
114	https://bugs.gentoo.org.
115
116	License
117	=======
118
119	Copyright 2016 Gentoo Foundation, Inc; referenced text
120	belongs to its owner(s).
121
122	The contents of this document are licensed under the
123	Creative Commons - Attribution / Share Alike license.
124
125	http://creativecommons.org/licenses/by-sa/2.5