Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Sergey Popov <pinkbyte@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201511-02 ] Adobe Flash Player: Multiple vulnerabilities
Date: Tue, 17 Nov 2015 11:49:05
Message-Id: 564B1337.90200@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201511-02
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Adobe Flash Player: Multiple vulnerabilities
9 Date: November 17, 2015
10 Bugs: #563014, #563172, #565318
11 ID: 201511-02
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Adobe Flash Player, the
19 worst of which allows remote attackers to execute arbitrary code.
20
21 Background
22 ==========
23
24 The Adobe Flash Player is a renderer for the SWF file format, which is
25 commonly used to provide interactive websites.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 www-plugins/adobe-flash < 11.2.202.548 >= 11.2.202.548
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in Adobe Flash Player.
39 Please review the CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 A remote attacker could possibly execute arbitrary code with the
45 privileges of the process, cause a Denial of Service condition, obtain
46 sensitive information, or bypass security restrictions.
47
48 Workaround
49 ==========
50
51 There is no known workaround at this time.
52
53 Resolution
54 ==========
55
56 All Adobe Flash Player users should upgrade to the latest version:
57
58 # emerge --sync
59 # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.548"
60
61 References
62 ==========
63
64 [ 1 ] CVE-2015-5569
65 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5569
66 [ 2 ] CVE-2015-7625
67 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7625
68 [ 3 ] CVE-2015-7626
69 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7626
70 [ 4 ] CVE-2015-7627
71 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7627
72 [ 5 ] CVE-2015-7628
73 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7628
74 [ 6 ] CVE-2015-7629
75 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7629
76 [ 7 ] CVE-2015-7630
77 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7630
78 [ 8 ] CVE-2015-7631
79 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7631
80 [ 9 ] CVE-2015-7632
81 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7632
82 [ 10 ] CVE-2015-7633
83 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7633
84 [ 11 ] CVE-2015-7634
85 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7634
86 [ 12 ] CVE-2015-7643
87 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7643
88 [ 13 ] CVE-2015-7644
89 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7644
90 [ 14 ] CVE-2015-7645
91 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7645
92 [ 15 ] CVE-2015-7646
93 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7646
94 [ 16 ] CVE-2015-7647
95 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7647
96 [ 17 ] CVE-2015-7648
97 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7648
98 [ 18 ] CVE-2015-7651
99 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7651
100 [ 19 ] CVE-2015-7652
101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7652
102 [ 20 ] CVE-2015-7653
103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7653
104 [ 21 ] CVE-2015-7654
105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7654
106 [ 22 ] CVE-2015-7655
107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7655
108 [ 23 ] CVE-2015-7656
109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7656
110 [ 24 ] CVE-2015-7657
111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7657
112 [ 25 ] CVE-2015-7658
113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7658
114 [ 26 ] CVE-2015-7659
115 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7659
116 [ 27 ] CVE-2015-7660
117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7660
118 [ 28 ] CVE-2015-7661
119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7661
120 [ 29 ] CVE-2015-7662
121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7662
122 [ 30 ] CVE-2015-7663
123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7663
124 [ 31 ] CVE-2015-8042
125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8042
126 [ 32 ] CVE-2015-8043
127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8043
128 [ 33 ] CVE-2015-8044
129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8044
130 [ 34 ] CVE-2015-8046
131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8046
132
133 Availability
134 ============
135
136 This GLSA and any updates to it are available for viewing at
137 the Gentoo Security Website:
138
139 https://security.gentoo.org/glsa/201511-02
140
141 Concerns?
142 =========
143
144 Security is a primary focus of Gentoo Linux and ensuring the
145 confidentiality and security of our users' machines is of utmost
146 importance to us. Any security concerns should be addressed to
147 security@g.o or alternatively, you may file a bug at
148 https://bugs.gentoo.org.
149
150 License
151 =======
152
153 Copyright 2015 Gentoo Foundation, Inc; referenced text
154 belongs to its owner(s).
155
156 The contents of this document are licensed under the
157 Creative Commons - Attribution / Share Alike license.
158
159 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups