From $URL : Description Two vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error can be exploited to cause a buffer overflow. NOTE: This vulnerability is currently being actively exploited in targeted attacks against the Windows version. 2) An unspecified error can be exploited to corrupt memory. NOTE: This vulnerability is currently being actively exploited in targeted attacks against the Macintosh and Windows versions. Successful exploitation of the vulnerabilities allows execution of arbitrary code. The vulnerabilities are reported in the following versions: * Adobe Flash Player versions 11.5.502.146 and earlier for Windows and Macintosh * Adobe Flash Player versions 11.2.202.261 and earlier for Linux * Adobe Flash Player versions 11.1.115.36 and earlier for Android 4.x * Adobe Flash Player versions 11.1.111.31 and earlier for Android 3.x * Adobe Flash Player versions 11.5.31.137 and earlier for Chrome users * Adobe Flash Player versions 11.3.378.5 and earlier for Internet Explorer 10 users on Windows 8 Solution Update to a fixed version. Further details available to Secunia VIM customers Provided and/or discovered by 1, 2) Reported as 0-day. Original Advisory http://www.adobe.com/support/security/bulletins/apsb13-04.html http://blogs.adobe.com/psirt/2013/02/security-updates-available-for-adobe-flash-player-apsb13-04.html
Arch teams, please test and mark stable: =www-plugins/adobe-flash-11.2.202.262 Stable KEYWORDS : amd64 x86
amd64 stable
x86 stable security please file the glsa request.
CVE-2013-0634 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634): Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013. CVE-2013-0633 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633): Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
This issue was resolved and addressed in GLSA 201309-06 at http://security.gentoo.org/glsa/glsa-201309-06.xml by GLSA coordinator Sean Amoss (ackle).