Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201603-07 ] Adobe Flash Player: Multiple vulnerabilities
Date: Sat, 12 Mar 2016 11:37:35
Message-Id: 56E3FE8E.4090200@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201603-07
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Adobe Flash Player: Multiple vulnerabilities
9 Date: March 12, 2016
10 Bugs: #574284, #576980
11 ID: 201603-07
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Adobe Flash Player, the
19 worst of which allows remote attackers to execute arbitrary code.
20
21 Background
22 ==========
23
24 The Adobe Flash Player is a renderer for the SWF file format, which is
25 commonly used to provide interactive websites.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 www-plugins/adobe-flash < 11.2.202.577 >= 11.2.202.577
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in Adobe Flash Player.
39 Please review the CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 A remote attacker could possibly execute arbitrary code with the
45 privileges of the process, cause a Denial of Service condition, obtain
46 sensitive information, or bypass security restrictions.
47
48 Workaround
49 ==========
50
51 There is no known workaround at this time.
52
53 Resolution
54 ==========
55
56 All Adobe Flash Player users should upgrade to the latest version:
57
58 # emerge --sync
59 # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"
60
61 References
62 ==========
63
64 [ 1 ] CVE-2016-0960
65 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960
66 [ 2 ] CVE-2016-0961
67 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961
68 [ 3 ] CVE-2016-0962
69 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962
70 [ 4 ] CVE-2016-0963
71 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963
72 [ 5 ] CVE-2016-0964
73 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964
74 [ 6 ] CVE-2016-0965
75 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965
76 [ 7 ] CVE-2016-0966
77 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966
78 [ 8 ] CVE-2016-0967
79 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967
80 [ 9 ] CVE-2016-0968
81 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968
82 [ 10 ] CVE-2016-0969
83 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969
84 [ 11 ] CVE-2016-0970
85 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970
86 [ 12 ] CVE-2016-0971
87 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971
88 [ 13 ] CVE-2016-0972
89 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972
90 [ 14 ] CVE-2016-0973
91 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973
92 [ 15 ] CVE-2016-0974
93 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974
94 [ 16 ] CVE-2016-0975
95 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975
96 [ 17 ] CVE-2016-0976
97 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976
98 [ 18 ] CVE-2016-0977
99 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977
100 [ 19 ] CVE-2016-0978
101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978
102 [ 20 ] CVE-2016-0979
103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979
104 [ 21 ] CVE-2016-0980
105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980
106 [ 22 ] CVE-2016-0981
107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981
108 [ 23 ] CVE-2016-0982
109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982
110 [ 24 ] CVE-2016-0983
111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983
112 [ 25 ] CVE-2016-0984
113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984
114 [ 26 ] CVE-2016-0985
115 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985
116 [ 27 ] CVE-2016-0986
117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986
118 [ 28 ] CVE-2016-0987
119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987
120 [ 29 ] CVE-2016-0988
121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988
122 [ 30 ] CVE-2016-0989
123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989
124 [ 31 ] CVE-2016-0990
125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990
126 [ 32 ] CVE-2016-0991
127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991
128 [ 33 ] CVE-2016-0992
129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992
130 [ 34 ] CVE-2016-0993
131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993
132 [ 35 ] CVE-2016-0994
133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994
134 [ 36 ] CVE-2016-0995
135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995
136 [ 37 ] CVE-2016-0996
137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996
138 [ 38 ] CVE-2016-0997
139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997
140 [ 39 ] CVE-2016-0998
141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998
142 [ 40 ] CVE-2016-0999
143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999
144 [ 41 ] CVE-2016-1000
145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000
146 [ 42 ] CVE-2016-1001
147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001
148 [ 43 ] CVE-2016-1002
149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002
150 [ 44 ] CVE-2016-1005
151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005
152 [ 45 ] CVE-2016-1010
153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010
154
155 Availability
156 ============
157
158 This GLSA and any updates to it are available for viewing at
159 the Gentoo Security Website:
160
161 https://security.gentoo.org/glsa/201603-07
162
163 Concerns?
164 =========
165
166 Security is a primary focus of Gentoo Linux and ensuring the
167 confidentiality and security of our users' machines is of utmost
168 importance to us. Any security concerns should be addressed to
169 security@g.o or alternatively, you may file a bug at
170 https://bugs.gentoo.org.
171
172 License
173 =======
174
175 Copyright 2016 Gentoo Foundation, Inc; referenced text
176 belongs to its owner(s).
177
178 The contents of this document are licensed under the
179 Creative Commons - Attribution / Share Alike license.
180
181 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups