Bug 493894 (CVE-2013-5331) - <www-plugins/adobe-flash-11.2.202.332 : Remote code execution using malicious Flash content (CVE-2013-{5331,5332})
Summary: <www-plugins/adobe-flash-11.2.202.332 : Remote code execution using malicious...
Status: RESOLVED FIXED
Alias: CVE-2013-5331
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://helpx.adobe.com/security/produ...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-11 01:53 UTC by Jeroen Roovers (RETIRED)
Modified: 2014-02-06 11:37 UTC

See Also:
Package list:
Runtime testing required: ---

Description Jeroen Roovers (RETIRED) gentoo-dev 2013-12-11 01:53:17 UTC
"Users of Adobe Flash Player 11.2.202.327 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.332."

Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.332
Targeted stable KEYWORDS : amd64 x86
Comment 1 Agostino Sarubbo gentoo-dev 2013-12-11 08:48:54 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2013-12-11 08:49:08 UTC
x86 stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2013-12-11 13:49:40 UTC
# ChangeLog for www-plugins/adobe-flash
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/www-plugins/adobe-flash/ChangeLog,v 1.226 2013/12/11 08:49:03 ago Exp $

  11 Dec 2013; Agostino Sarubbo <ago@gentoo.org> Manifest:
  Stable for x86, wrt bug #493894

Something went wrong. But I fixed it for you.
Comment 4 Sergey Popov gentoo-dev 2013-12-12 07:27:21 UTC
Thanks for your work. Cleanup was done earlier. Added to existing GLSA draft.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-12-12 15:02:04 UTC
CVE-2013-5332 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5332):
  Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before
  11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe
  AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK &
  Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or
  cause a denial of service (memory corruption) via unspecified vectors.

CVE-2013-5331 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5331):
  Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before
  11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe
  AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK &
  Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code
  via crafted .swf content that leverages an unspecified "type confusion," as
  exploited in the wild in December 2013.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-02-06 11:37:28 UTC
This issue was resolved and addressed in
 GLSA 201402-06 at http://security.gentoo.org/glsa/glsa-201402-06.xml
by GLSA coordinator Mikle Kolyada (Zlogene).