
Bug 386209

Summary: www-plugins/adobe-flash: multiple vulnerabilities (CVE-2011-{2426,2427,2428,2429,2430,2444})
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: normal
CC: desktop-misc, lack
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 00:48:21 UTC
CVE-2011-2444 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444):
  Cross-site scripting (XSS) vulnerability in Adobe Flash Player before
  10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7
  on Android, allows remote attackers to inject arbitrary web script or HTML
  via a crafted URL, related to a "universal cross-site scripting issue," as
  exploited in the wild in September 2011.

CVE-2011-2430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430):
  Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and
  Solaris, and before 10.3.186.7 on Android, allows remote attackers to
  execute arbitrary code via crafted streaming media, related to a "logic
  error vulnerability."

CVE-2011-2429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429):
  Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and
  Solaris, and before 10.3.186.7 on Android, allows attackers to bypass
  intended access restrictions and obtain sensitive information via
  unspecified vectors, related to a "security control bypass."

CVE-2011-2428 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428):
  Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and
  Solaris, and before 10.3.186.7 on Android, allows attackers to execute
  arbitrary code or cause a denial of service (browser crash) via unspecified
  vectors, related to a "logic error issue."

CVE-2011-2427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427):
  Stack-based buffer overflow in the ActionScript Virtual Machine (AVM)
  component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X,
  Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to
  execute arbitrary code or cause a denial of service via unspecified vectors.

CVE-2011-2426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426):
  Stack-based buffer overflow in the ActionScript Virtual Machine (AVM)
  component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X,
  Linux, and Solaris, and before 10.3.186.7 on Android, allows remote
  attackers to execute arbitrary code via unspecified vectors.
Comment 1 Jim Ramsay (lack) (RETIRED) gentoo-dev 2011-10-09 23:41:52 UTC
I believe these have already been addressed - 10.3.183.10 is already in the tree and stable for both amd64 and x86.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-10-09 23:46:24 UTC
(In reply to comment #1)
> I believe these have already been addressed - 10.3.183.10 is already in the
> tree and stable for both amd64 and x86.

You're correct. Thanks and sorry for the bugspam.

*** This bug has been marked as a duplicate of bug 384017 ***