Bug 384017 (CVE-2011-2426) - <www-plugins/adobe-flash-10.3.183.10: Multiple Vulnerabilities (CVE-2011-{2426,2427,2428,2429,2430,2444})
Status: RESOLVED FIXED
Alias: CVE-2011-2426
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.adobe.com/support/securit...
Whiteboard: B2 [glsa]
Duplicates: 386209
Reported: 2011-09-21 20:45 UTC by Tim Sammut (RETIRED)
Modified: 2011-10-13 23:54 UTC (History)
Description Tim Sammut (RETIRED) gentoo-dev 2011-09-21 20:45:26 UTC
From the upstream advisory at $URL:

Summary

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.186.6 and earlier versions for Android.  These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

There are reports that one of these vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website.

Adobe recommends users of Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.183.10. Users of Adobe Flash Player for Android 10.3.186.6 and earlier versions should update to Adobe Flash Player for Android 10.3.186.7.
Comment 1 Jim Ramsay (lack) (RETIRED) gentoo-dev 2011-09-23 12:45:26 UTC
Ebuild complete, committed www-plugins/adobe-flash-10.3.183.10

As usual, no need to wait for stabilization, but please do not stabilize adobe-flash-11.*
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-09-23 14:42:01 UTC
(In reply to comment #1)
> Ebuild complete, committed www-plugins/adobe-flash-10.3.183.10
> 
> As usual, no need to wait for stabilization, but please do not stabilize
> adobe-flash-11.*

Thanks, Jim.

Arches, please test and mark stable:
=www-plugins/adobe-flash-10.3.183.10
Target keywords : "amd64 x86"
Comment 3 Elijah "Armageddon" El Lazkani (amd64 AT) 2011-09-23 16:17:10 UTC
amd64: pass
Comment 4 Jeff (JD) Horelick (RETIRED) gentoo-dev 2011-09-23 18:13:50 UTC
Archtested on x86: Everything fine
Comment 5 Agostino Sarubbo gentoo-dev 2011-09-23 19:48:17 UTC
amd64 ok
Comment 6 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-09-25 04:25:18 UTC
x86 stable, thanks JD
Comment 7 Tony Vroon (RETIRED) gentoo-dev 2011-09-25 14:41:42 UTC
+  25 Sep 2011; Tony Vroon <chainsaw@gentoo.org> adobe-flash-10.3.183.10.ebuild:
+  Marked stable on AMD64 based on arch testing by Elijah "Armageddon" El
+  Lazkani & Agostino "Ago" Sarubbo in bug #384017.

Security, please proceed with GLSA voting.
Comment 8 Agostino Sarubbo gentoo-dev 2011-09-25 15:13:43 UTC
(In reply to comment #7)
> Security, please proceed with GLSA voting.

B2 provides directly to glsa without vote.

@Alex / Tim: Please add the request as usual =)
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2011-09-26 16:43:35 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2011-10-09 23:46:24 UTC
*** Bug 386209 has been marked as a duplicate of this bug. ***
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2011-10-13 23:54:19 UTC
This issue was resolved and addressed in
 GLSA 201110-11 at http://security.gentoo.org/glsa/glsa-201110-11.xml
by GLSA coordinator Tim Sammut (underling).