Gentoo Archives: gentoo-announce

From: Tim Sammut <underling@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 201110-11 ] Adobe Flash Player: Multiple vulnerabilities
Date: Fri, 14 Oct 2011 00:01:08
Message-Id: 4E977A04.5030707@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201110-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: October 13, 2011
Bugs: #354207, #359019, #363179, #367031, #370215, #372899,
      #378637, #384017
ID: 201110-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Adobe Flash Player might allow remote
attackers to execute arbitrary code or cause a Denial of Service.

Background
==========

The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /     Vulnerable     /        Unaffected
    -------------------------------------------------------------------
  1  www-plugins/adobe-flash      < 10.3.183.10         >= 10.3.183.10

Description
===========

Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers and Adobe Security Advisories and
Bulletins referenced below for details.

Impact
======

By enticing a user to open a specially crafted SWF file a remote
attacker could cause a Denial of Service or the execution of arbitrary
code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"

References
==========

[ 1 ] APSA11-01
      http://www.adobe.com/support/security/advisories/apsa11-01.html
[ 2 ] APSA11-02
      http://www.adobe.com/support/security/advisories/apsa11-02.html
[ 3 ] APSB11-02
      http://www.adobe.com/support/security/bulletins/apsb11-02.html
[ 4 ] APSB11-12
      http://www.adobe.com/support/security/bulletins/apsb11-12.html
[ 5 ] APSB11-13
      http://www.adobe.com/support/security/bulletins/apsb11-13.html
[ 6 ] APSB11-21
      https://www.adobe.com/support/security/bulletins/apsb11-21.html
[ 7 ] APSB11-26
      https://www.adobe.com/support/security/bulletins/apsb11-26.html
[ 8 ] CVE-2011-0558
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558
[ 9 ] CVE-2011-0559
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559
[ 10 ] CVE-2011-0560
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560
[ 11 ] CVE-2011-0561
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561
[ 12 ] CVE-2011-0571
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571
[ 13 ] CVE-2011-0572
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572
[ 14 ] CVE-2011-0573
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573
[ 15 ] CVE-2011-0574
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574
[ 16 ] CVE-2011-0575
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575
[ 17 ] CVE-2011-0577
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577
[ 18 ] CVE-2011-0578
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578
[ 19 ] CVE-2011-0579
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579
[ 20 ] CVE-2011-0589
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589
[ 21 ] CVE-2011-0607
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607
[ 22 ] CVE-2011-0608
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608
[ 23 ] CVE-2011-0609
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609
[ 24 ] CVE-2011-0611
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611
[ 25 ] CVE-2011-0618
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618
[ 26 ] CVE-2011-0619
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619
[ 27 ] CVE-2011-0620
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620
[ 28 ] CVE-2011-0621
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621
[ 29 ] CVE-2011-0622
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622
[ 30 ] CVE-2011-0623
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623
[ 31 ] CVE-2011-0624
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624
[ 32 ] CVE-2011-0625
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625
[ 33 ] CVE-2011-0626
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626
[ 34 ] CVE-2011-0627
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627
[ 35 ] CVE-2011-0628
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628
[ 36 ] CVE-2011-2107
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107
[ 37 ] CVE-2011-2110
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110
[ 38 ] CVE-2011-2125
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135
[ 39 ] CVE-2011-2130
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130
[ 40 ] CVE-2011-2134
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134
[ 41 ] CVE-2011-2136
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136
[ 42 ] CVE-2011-2137
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137
[ 43 ] CVE-2011-2138
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138
[ 44 ] CVE-2011-2139
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139
[ 45 ] CVE-2011-2140
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140
[ 46 ] CVE-2011-2414
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414
[ 47 ] CVE-2011-2415
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415
[ 48 ] CVE-2011-2416
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416
[ 49 ] CVE-2011-2417
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417
[ 50 ] CVE-2011-2424
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424
[ 51 ] CVE-2011-2425
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425
[ 52 ] CVE-2011-2426
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426
[ 53 ] CVE-2011-2427
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427
[ 54 ] CVE-2011-2428
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428
[ 55 ] CVE-2011-2429
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429
[ 56 ] CVE-2011-2430
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430
[ 57 ] CVE-2011-2444
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201110-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
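
The "Affected packages" range above (vulnerable below 10.3.183.10) can be checked against an inventory of installed versions. The following is an added example, not part of the GLSA or of Gentoo's tooling; the function names `cmp_dotted` and `glsa_status` and the sample versions are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the GLSA): classify a www-plugins/adobe-flash
# version against the advisory's range: vulnerable if < 10.3.183.10.

FIXED="10.3.183.10"   # first unaffected version, taken from the advisory

# cmp_dotted A B: print -1, 0 or 1 for A<B, A==B, A>B.
# Components are compared as integers, so 10.3.183.9 < 10.3.183.10, which
# a plain string comparison gets wrong. Missing components count as 0.
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo -1; return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo 1; return 0; fi
    done
    echo 0
}

# glsa_status VERSION: print "vulnerable", "unaffected" or "invalid".
# Simplification: handles dotted numeric versions with an optional -rN
# ebuild revision only, not Portage's full version grammar.
glsa_status() {
    v=$1
    if ! printf '%s\n' "$v" | grep -Eq '^[0-9]+(\.[0-9]+)*(-r[0-9]+)?$'; then
        echo invalid; return 0
    fi
    # A revision of the fixed version (e.g. 10.3.183.10-r1) is still >= it,
    # so only the part before -rN decides membership in the range.
    if [ "$(cmp_dotted "${v%-r*}" "$FIXED")" = "-1" ]; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Constructed sample versions, not taken from any real system.
for v in 10.3.183.7 10.3.183.9 10.3.183.10 10.3.183.10-r1 11.0.1.152 10.3.x; do
    printf '%-16s %s\n' "$v" "$(glsa_status "$v")"
done
```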
