Bug 437808 - <www-plugins/adobe-flash-11.2.202.243 : Multiple Vulnerabilities (CVE-2012-{5248,5249,5250,5251,5252,5253,5254,5255,5256,5257,5258,5259,5260,5261,5262,5263,5264,5265,5266,5267,5268,5269,5270,5271,5272,5285,5286,5287,5673})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.adobe.com/support/securit...
Whiteboard: B2 [glsa]
Duplicates: 439216
Reported: 2012-10-10 09:32 UTC by pavel sanda
Modified: 2013-09-14 02:54 UTC
Description pavel sanda 2012-10-10 09:32:21 UTC
New security bump of adobe-flash is available, please bump.

Reproducible: Always
Comment 1 Agostino Sarubbo gentoo-dev 2012-10-10 12:29:55 UTC
See upstream advisory at $URL for more info.

Please bump 11.2.202.243
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2012-10-13 20:50:22 UTC
CVE-2012-5272 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272):
  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on
  Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on
  Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on
  Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before
  3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than other Flash Player memory corruption CVEs listed in
  APSB12-22.

CVE-2012-5271 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271):
  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on
  Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on
  Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on
  Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before
  3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than other Flash Player memory corruption CVEs listed in
  APSB12-22.

CVE-2012-5270 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270):
  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on
  Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on
  Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on
  Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before
  3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than other Flash Player memory corruption CVEs listed in
  APSB12-22.

CVE-2012-5269 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269):
  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on
  Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on
  Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on
  Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before
  3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than other Flash Player memory corruption CVEs listed in
  APSB12-22.

CVE-2012-5268 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268):
  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on
  Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on
  Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on
  Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before
  3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than other Flash Player memory corruption CVEs listed in
  APSB12-22.

CVE-2012-5267 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267):
  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on
  Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on
  Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on
  Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before
  3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than other Flash Player memory corruption CVEs listed in
  APSB12-22.

CVE-2012-5266 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5265 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5264 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5263 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263):
  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on
  Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on
  Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on
  Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before
  3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than other Flash Player memory corruption CVEs listed in
  APSB12-22.

CVE-2012-5262 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5261 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261):
  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on
  Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on
  Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on
  Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before
  3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than other Flash Player memory corruption CVEs listed in
  APSB12-22.

CVE-2012-5260 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5259 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5258 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258):
  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on
  Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on
  Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on
  Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before
  3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than other Flash Player memory corruption CVEs listed in
  APSB12-22.

CVE-2012-5257 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5256 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256):
  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on
  Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on
  Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on
  Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before
  3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than other Flash Player memory corruption CVEs listed in
  APSB12-22.

CVE-2012-5255 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5254 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5253 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5252 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252):
  Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on
  Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on
  Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on
  Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before
  3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than other Flash Player memory corruption CVEs listed in
  APSB12-22.

CVE-2012-5251 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5250 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5249 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5248 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2012-10-22 05:01:22 UTC
*** Bug 439216 has been marked as a duplicate of this bug. ***
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2012-10-22 05:29:32 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.243
Stable KEYWORDS : amd64 x86
Comment 5 Agostino Sarubbo gentoo-dev 2012-10-22 08:35:40 UTC
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2012-10-22 08:36:07 UTC
amd64 stable
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2012-10-22 11:14:53 UTC
Thanks, everyone.

GLSA draft ready for review.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-11-13 23:19:40 UTC
CVE-2012-5673 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5673):
  Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x
  before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x
  before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and
  before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe
  AIR SDK before 3.4.0.2710 has unknown impact and attack vectors.

CVE-2012-5287 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5287):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5286 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5286):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.

CVE-2012-5285 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5285):
  Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before
  11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before
  11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before
  11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK
  before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified
  vectors, a different vulnerability than other Flash Player buffer overflow
  CVEs listed in APSB12-22.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2013-09-14 02:54:36 UTC
This issue was resolved and addressed in
 GLSA 201309-06 at http://security.gentoo.org/glsa/glsa-201309-06.xml
by GLSA coordinator Sean Amoss (ackle).