Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201610-10 ] Adobe Flash Player: Multiple vulnerabilities
Date: Sat, 29 Oct 2016 13:26:53
Message-Id: b2861928-b357-d21c-ffa9-1fd7cf275ded@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201610-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Adobe Flash Player: Multiple vulnerabilities
     Date: October 29, 2016
     Bugs: #593684, #596896, #598152
       ID: 201610-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which allows remote attackers to execute arbitrary code.

Background
==========

The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /   Vulnerable   /            Unaffected
    -------------------------------------------------------------------
  1  www-plugins/adobe-flash     < 23.0.0.205         *>= 11.2.202.635
                                                         >= 23.0.0.205

Description
===========

Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player 23.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-23.0.0.205"

All Adobe Flash Player 11.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.635"

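The two version floors from the Resolution section, turned into a check that can be run against any version string. This is an added example, not part of the advisory; the function names and the sample versions are constructed, and measuring every non-11.x version against the 23.x floor is an assumption based on the Affected packages table.

```sh
#!/bin/sh
# Added example: classify an adobe-flash version against GLSA 201610-10.
# Thresholds are the two fixed versions named in the Resolution section;
# function names and sample versions are constructed for illustration.

FIXED_23="23.0.0.205"     # fix for the 23.x line
FIXED_11="11.2.202.635"   # fix for the 11.x line

# ver_ge A B: succeed when dotted numeric version A >= B.
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        # Drop the component just read; the last one leaves nothing.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0} y=${y:-0}     # missing components count as 0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# glsa_flash_status VERSION: print "fixed", "vulnerable" or "invalid".
glsa_flash_status() {
    v=${1%%-r[0-9]*}            # ignore a Gentoo revision suffix (-r1)
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    case ${v%%.*} in
        11) min=$FIXED_11 ;;    # 11.x users: >= 11.2.202.635
        *)  min=$FIXED_23 ;;    # assumption: all else needs >= 23.0.0.205
    esac
    if ver_ge "$v" "$min"; then echo fixed; else echo vulnerable; fi
}

# Constructed sample versions, not taken from a real system.
for sample in 11.2.202.632 11.2.202.635 23.0.0.185 23.0.0.205-r1; do
    printf '%s\t%s\n' "$sample" "$(glsa_flash_status "$sample")"
done
```

On a Gentoo host, `glsa-check -t 201610-10` from gentoolkit tests the installed package set against this advisory directly.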
References
==========

[  1 ] CVE-2016-4182
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4182
[  2 ] CVE-2016-4271
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4271
[  3 ] CVE-2016-4272
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4272
[  4 ] CVE-2016-4273
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4273
[  5 ] CVE-2016-4274
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4274
[  6 ] CVE-2016-4275
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4275
[  7 ] CVE-2016-4276
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4276
[  8 ] CVE-2016-4277
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4277
[  9 ] CVE-2016-4278
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4278
[ 10 ] CVE-2016-4279
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4279
[ 11 ] CVE-2016-4280
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4280
[ 12 ] CVE-2016-4281
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4281
[ 13 ] CVE-2016-4282
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4282
[ 14 ] CVE-2016-4283
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4283
[ 15 ] CVE-2016-4284
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4284
[ 16 ] CVE-2016-4285
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4285
[ 17 ] CVE-2016-4286
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4286
[ 18 ] CVE-2016-4287
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4287
[ 19 ] CVE-2016-6921
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6921
[ 20 ] CVE-2016-6922
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6922
[ 21 ] CVE-2016-6923
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6923
[ 22 ] CVE-2016-6924
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6924
[ 23 ] CVE-2016-6925
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6925
[ 24 ] CVE-2016-6926
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6926
[ 25 ] CVE-2016-6927
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6927
[ 26 ] CVE-2016-6929
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6929
[ 27 ] CVE-2016-6930
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6930
[ 28 ] CVE-2016-6931
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6931
[ 29 ] CVE-2016-6932
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6932
[ 30 ] CVE-2016-6981
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6981
[ 31 ] CVE-2016-6982
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6982
[ 32 ] CVE-2016-6983
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6983
[ 33 ] CVE-2016-6984
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6984
[ 34 ] CVE-2016-6985
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6985
[ 35 ] CVE-2016-6986
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6986
[ 36 ] CVE-2016-6987
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6987
[ 37 ] CVE-2016-6989
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6989
[ 38 ] CVE-2016-6990
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6990
[ 39 ] CVE-2016-6992
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6992
[ 40 ] CVE-2016-7855
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7855

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201610-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
