Summary: | <www-plugins/adobe-flash-11.2.202.440 - remote code execution (CVE-2015-0311) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Chí-Thanh Christopher Nguyễn <chithanh> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | alex, desktop-misc, jackdachef, jer |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://helpx.adobe.com/security/products/flash-player/apsa15-01.html | ||
Whiteboard: | A1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Chí-Thanh Christopher Nguyễn
2015-01-23 09:58:20 UTC
There is a new version out there but versioned tarballs have not yet been made available. https://www.adobe.com/products/flashplayer/distribution3.html Meanwhile, the privileged people at Canonical get early access: http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_11.2.202.440.orig.tar.gz Arch teams, please test and mark stable: =www-plugins/adobe-flash-11.2.202.440 Targeted stable KEYWORDS : amd64 x86 CVE-2015-0311 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0311): Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. both arches are stable Added to existing glsa draft. This issue was resolved and addressed in GLSA 201502-02 at http://security.gentoo.org/glsa/glsa-201502-02.xml by GLSA coordinator Mikle Kolyada (Zlogene). |