Bug 546706 (CVE-2015-0346) - <www-plugins/adobe-flash-11.2.202.457: multiple vulnerabilities (CVE-2015-{0346,0347,0348,0349,0350,0351,0352,0353,0354,0355,0356,0357,0358,0359,0360,3038,3039,3040,3041,3042,3043,3044})
Status: RESOLVED FIXED
Alias: CVE-2015-0346
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa]
Reported: 2015-04-16 04:23 UTC by Jeroen Roovers (RETIRED)
Modified: 2015-04-17 15:33 UTC
Description Jeroen Roovers (RETIRED) gentoo-dev 2015-04-16 04:23:10 UTC
"Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system."
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2015-04-16 04:25:04 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.457
Targeted stable KEYWORDS : amd64 x86
Comment 2 Agostino Sarubbo gentoo-dev 2015-04-16 07:23:05 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-04-16 07:23:19 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2015-04-17 05:50:34 UTC
Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2015-04-17 05:53:38 UTC
CVE-2015-3044 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3044):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux allows attackers to
  bypass intended access restrictions and obtain sensitive information via
  unspecified vectors.

CVE-2015-3043 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3043):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, as exploited in the wild in April 2015, a different
  vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,
  CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,
  CVE-2015-3041, and CVE-2015-3042.

CVE-2015-3042 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3042):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2015-0347,
  CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,
  CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043.

CVE-2015-3041 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3041):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2015-0347,
  CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,
  CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, and CVE-2015-3043.

CVE-2015-3040 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3040):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux does not properly
  restrict discovery of memory addresses, which allows attackers to bypass the
  ASLR protection mechanism via unspecified vectors, a different vulnerability
  than CVE-2015-0357.

CVE-2015-3039 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3039):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and
  14.x through 17.x before 17.0.0.169 on Windows and OS X and before
  11.2.202.457 on Linux allows attackers to execute arbitrary code via
  unspecified vectors, a different vulnerability than CVE-2015-0349,
  CVE-2015-0351, and CVE-2015-0358.

CVE-2015-3038 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3038):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2015-0347,
  CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,
  CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

CVE-2015-0360 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0360):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2015-0347,
  CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,
  CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

CVE-2015-0359 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0359):
  Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x
  through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457
  on Linux allows attackers to execute arbitrary code via unspecified vectors,
  a different vulnerability than CVE-2015-0346.

CVE-2015-0358 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0358):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and
  14.x through 17.x before 17.0.0.169 on Windows and OS X and before
  11.2.202.457 on Linux allows attackers to execute arbitrary code via
  unspecified vectors, a different vulnerability than CVE-2015-0349,
  CVE-2015-0351, and CVE-2015-3039.

CVE-2015-0357 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0357):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux does not properly
  restrict discovery of memory addresses, which allows attackers to bypass the
  ASLR protection mechanism via unspecified vectors, a different vulnerability
  than CVE-2015-3040.

CVE-2015-0356 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0356):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux allows attackers to
  execute arbitrary code by leveraging an unspecified "type confusion."

CVE-2015-0355 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0355):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2015-0347,
  CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0360,
  CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

CVE-2015-0354 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0354):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2015-0347,
  CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0355, CVE-2015-0360,
  CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

CVE-2015-0353 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0353):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2015-0347,
  CVE-2015-0350, CVE-2015-0352, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,
  CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

CVE-2015-0352 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0352):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2015-0347,
  CVE-2015-0350, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,
  CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

CVE-2015-0351 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0351):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and
  14.x through 17.x before 17.0.0.169 on Windows and OS X and before
  11.2.202.457 on Linux allows attackers to execute arbitrary code via
  unspecified vectors, a different vulnerability than CVE-2015-0349,
  CVE-2015-0358, and CVE-2015-3039.

CVE-2015-0350 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0350):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2015-0347,
  CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,
  CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

CVE-2015-0349 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0349):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and
  14.x through 17.x before 17.0.0.169 on Windows and OS X and before
  11.2.202.457 on Linux allows attackers to execute arbitrary code via
  unspecified vectors, a different vulnerability than CVE-2015-0351,
  CVE-2015-0358, and CVE-2015-3039.

CVE-2015-0348 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0348):
  Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through
  17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux
  allows attackers to execute arbitrary code via unspecified vectors.

CVE-2015-0347 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0347):
  Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169
  on Windows and OS X and before 11.2.202.457 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2015-0350,
  CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,
  CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

CVE-2015-0346 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0346):
  Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x
  through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457
  on Linux allows attackers to execute arbitrary code via unspecified vectors,
  a different vulnerability than CVE-2015-0359.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2015-04-17 15:33:29 UTC
This issue was resolved and addressed in
 GLSA 201504-07 at https://security.gentoo.org/glsa/201504-07
by GLSA coordinator Mikle Kolyada (Zlogene).