Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 549388 (CVE-2015-3044) - <www-plugins/adobe-flash-11.2.202.460 - multiple vulnerabilities (CVE-2015-{3044,3077,3078,3079,3080,3081,3082,3083,3084,3085,3086,3087,3088,3089,3090,3091,3092,3093})
Summary: <www-plugins/adobe-flash-11.2.202.460 - multiple vulnerabilities (CVE-2015-{3...
Status: RESOLVED FIXED
Alias: CVE-2015-3044
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-05-13 16:07 UTC by Jeroen Roovers (RETIRED)
Modified: 2015-06-14 20:39 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2015-05-13 16:07:33 UTC
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2015-05-13 16:08:57 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.460
Targeted stable KEYWORDS : amd64 x86
Comment 2 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-05-14 08:49:32 UTC
amd64 stable
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-05-14 08:50:11 UTC
x86 stable
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2015-05-31 19:16:22 UTC
This issue was resolved and addressed in
 GLSA 201505-02 at https://security.gentoo.org/glsa/201505-02
by GLSA coordinator Kristian Fiskerstrand (K_F).
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2015-06-14 20:39:53 UTC
CVE-2015-3093 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3093):
  Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188
  on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before
  17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler
  before 17.0.0.172 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3090.

CVE-2015-3092 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3092):
  Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188
  on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before
  17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler
  before 17.0.0.172 do not properly restrict discovery of memory addresses,
  which allows attackers to bypass the ASLR protection mechanism via
  unspecified vectors, a different vulnerability than CVE-2015-3091.

CVE-2015-3091 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3091):
  Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188
  on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before
  17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler
  before 17.0.0.172 do not properly restrict discovery of memory addresses,
  which allows attackers to bypass the ASLR protection mechanism via
  unspecified vectors, a different vulnerability than CVE-2015-3092.

CVE-2015-3090 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3090):
  Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188
  on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before
  17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler
  before 17.0.0.172 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3093.

CVE-2015-3089 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3089):
  Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188
  on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before
  17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler
  before 17.0.0.172 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3078, CVE-2015-3090, and CVE-2015-3093.

CVE-2015-3088 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3088):
  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x
  through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460
  on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and
  Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute
  arbitrary code via unspecified vectors.

CVE-2015-3087 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3087):
  Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through
  17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux,
  Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR
  SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code
  via unspecified vectors.

CVE-2015-3086 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3086):
  Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188
  on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before
  17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler
  before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2015-3077
  and CVE-2015-3084.

CVE-2015-3085 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3085):
  Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188
  on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before
  17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler
  before 17.0.0.172 allow remote attackers to bypass intended restrictions on
  filesystem write operations via unspecified vectors, a different
  vulnerability than CVE-2015-3082 and CVE-2015-3083.

CVE-2015-3084 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3084):
  Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188
  on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before
  17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler
  before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2015-3077
  and CVE-2015-3086.

CVE-2015-3083 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3083):
  Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188
  on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before
  17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler
  before 17.0.0.172 allow remote attackers to bypass intended restrictions on
  filesystem write operations via unspecified vectors, a different
  vulnerability than CVE-2015-3082 and CVE-2015-3085.

CVE-2015-3082 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3082):
  Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188
  on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before
  17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler
  before 17.0.0.172 allow remote attackers to bypass intended restrictions on
  filesystem write operations via unspecified vectors, a different
  vulnerability than CVE-2015-3083 and CVE-2015-3085.

CVE-2015-3081 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3081):
  Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x
  before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux,
  Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR
  SDK & Compiler before 17.0.0.172 allows attackers to bypass the Internet
  Explorer Protected Mode protection mechanism via unspecified vectors.

CVE-2015-3080 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3080):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and
  14.x through 17.x before 17.0.0.188 on Windows and OS X and before
  11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before
  17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers
  to execute arbitrary code via unspecified vectors.

CVE-2015-3079 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3079):
  Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188
  on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before
  17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler
  before 17.0.0.172 allow attackers to bypass intended access restrictions and
  obtain sensitive information via unspecified vectors.

CVE-2015-3078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3078):
  Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188
  on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before
  17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler
  before 17.0.0.172 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3089, CVE-2015-3090, and CVE-2015-3093.

CVE-2015-3077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3077):
  Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188
  on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before
  17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler
  before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2015-3084
  and CVE-2015-3086.