From Secunia advisory at $URL:

Description
Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to gain knowledge of potentially sensitive information or compromise a user's system.

1) An unspecified error can be exploited to corrupt memory.
2) An unspecified error can be exploited to corrupt memory.
3) An unspecified error can be exploited to corrupt memory.
4) An unspecified error can be exploited to corrupt memory.
5) An integer overflow error can be exploited to corrupt memory.
6) An error can lead to cross-domain information leaks.

The vulnerabilities are reported in the following versions:
* Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh, and Linux
Do we have confirmation that 11.2.202.238 is impacted by these? The upstream advisory states:

Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.2.202.236 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.238.

This, to me, either means 11.2.202.238 is the best available but affected, or the release versioning is not completely ordered numerically and 11.2.202.238 is not affected.
(In reply to comment #1)
> Do we have confirmation that 11.2.202.238 is impacted by these? The upstream
> advisory states:
>
> Adobe recommends users update their product installations to the latest
> versions:
> - Users of Adobe Flash Player 11.2.202.236 and earlier versions for Linux
> should update to Adobe Flash Player 11.2.202.238.
>
> This, to me, either means 11.2.202.238 is the best available but affected,
> or the release versioning is not completely ordered numerically and
> 11.2.202.238 is not affected.

Adobe usually, when there isn't a fixed version, does not say to update to version $x, so probably those vulnerabilities are fixed in 11.2.202.238 but discovered or announced not at the same time as CVE-2012-1535 (we need only a GLSA).

What do you think?
(In reply to comment #2)
> > [..]
> > This, to me, either means 11.2.202.238 is the best available but affected,
> > or the release versioning is not completely ordered numerically and
> > 11.2.202.238 is not affected.
>
> Adobe usually, when there isn't a fixed version, does not say to update to
> version $x, so probably those vulnerabilities are fixed in 11.2.202.238 but
> discovered or announced not at the same time as CVE-2012-1535 (we need only a GLSA).
>
> What do you think?

... what?
(In reply to comment #3)
> ... what?

What did you not understand?
I sent a note to the Adobe PSIRT and will loop back here if they respond.
CVE-2012-4168 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4168):
Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site.

CVE-2012-4167 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4167):
Integer overflow in Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allows attackers to execute arbitrary code via unspecified vectors.

CVE-2012-4166 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4166):
Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163, CVE-2012-4164, and CVE-2012-4165.

CVE-2012-4165 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4165):
Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163, CVE-2012-4164, and CVE-2012-4166.

CVE-2012-4164 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4164):
Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163, CVE-2012-4165, and CVE-2012-4166.

CVE-2012-4163 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4163):
Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4164, CVE-2012-4165, and CVE-2012-4166.
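
The question from comment #1, checked against the per-platform thresholds in the NVD entries above. This is an added example, not part of the original bug thread or any project's code; the function names are hypothetical, and the single cut-off check models Secunia's "11.3.300.271 and earlier" wording applied to every platform.

```python
import re

# Constructed sample: the affected-version clause shared by the NVD entries
# for CVE-2012-4163 through CVE-2012-4168 quoted in this thread.
NVD_CLAUSE = (
    "Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, "
    "before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, "
    "and before 11.1.115.17 on Android 4.x"
)
# Secunia's wording: "11.3.300.271 and earlier" for Windows, Macintosh, Linux.
SECUNIA_LAST_AFFECTED = "11.3.300.271"


def parse_version(text):
    """'11.2.202.238' -> (11, 2, 202, 238), so fields compare as integers."""
    return tuple(int(part) for part in text.split("."))


def fixed_versions(clause):
    """Map each platform named in the clause to its first fixed version."""
    fixed = {}
    pattern = r"before (\d+(?:\.\d+)+) on (.+?)(?=,|;|$)"
    for version, platforms in re.findall(pattern, clause):
        # "Windows and Mac OS X" names two platforms; "Android 2.x and 3.x" one.
        for platform in re.split(r"\s+and\s+(?=[A-Z])", platforms):
            fixed[platform.strip()] = parse_version(version)
    return fixed


def is_affected(installed, platform, fixed):
    """Affected only if older than the fix on the build's own platform."""
    return parse_version(installed) < fixed[platform]


def single_threshold_affected(installed):
    """Hypothetical naive check: one cut-off applied to every platform."""
    return parse_version(installed) <= parse_version(SECUNIA_LAST_AFFECTED)


if __name__ == "__main__":
    fixed = fixed_versions(NVD_CLAUSE)
    for build in ("11.2.202.236", "11.2.202.238"):
        print(build, "Linux:", is_affected(build, "Linux", fixed),
              "single cut-off:", single_threshold_affected(build))
```

Per the NVD entries, the Linux fix is numbered 11.2.202.238, which sorts below Secunia's 11.3.300.271 cut-off, so a single cross-platform threshold flags the fixed Linux build while the per-platform thresholds do not.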
Adobe has updated their advisory:
https://www.adobe.com/support/security/bulletins/apsb12-19.html

We stabilized a fixed version via bug 431432. Moving to GLSA so that we can capture these CVEs in the GLSA, and added to the existing GLSA request.
This issue was resolved and addressed in GLSA 201209-01 at http://security.gentoo.org/glsa/glsa-201209-01.xml by GLSA coordinator Sean Amoss (ackle).
CVE-2012-5054 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5054): Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.