Bug 337204 (CVE-2010-2884) - <www-plugins/adobe-flash-10.1.85.3: Critical Vulnerability (CVE-2010-2884)
Summary: <www-plugins/adobe-flash-10.1.85.3: Critical Vulnerability (CVE-2010-2884)
Status: RESOLVED FIXED
Alias: CVE-2010-2884
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://www.adobe.com/support/security...
Whiteboard: A2 [glsa]
Keywords:
Duplicates: 338529
Depends on:
Blocks:
 
Reported: 2010-09-14 03:26 UTC by Tim Sammut (RETIRED)
Modified: 2011-01-21 17:20 UTC
Description Tim Sammut (RETIRED) gentoo-dev 2010-09-14 03:26:16 UTC
From $URL:

A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows.

I am creating two bugs--one for www-plugins/adobe-flash, and one for app-text/acroread--so they can be stabilized separately since Adobe is planning to release fixed software at different times.
Comment 1 Daniel Santos 2010-09-18 20:27:43 UTC
They never cease to amaze do they?
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2010-09-20 18:36:23 UTC
Adobe has released 10.1.85.3.

"Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1."

Comment 3 Pavel Shirov 2010-09-24 07:39:18 UTC
*** Bug 338529 has been marked as a duplicate of this bug. ***
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2010-09-25 16:29:43 UTC
CVE-2010-2884 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2884):
  Unspecified vulnerability in Adobe Flash Player 10.1.82.76 and earlier for
  Windows, Macintosh, Linux, Solaris; Flash Player 10.1.92.10 for Android;
  Reader 9.3.4 for Windows, Macintosh and UNIX; and Acrobat 9.3.4 and earlier
  for Windows and Macintosh allows remote attackers to cause a denial of
  service (crash) and execute arbitrary code via unknown vectors, as exploited
  in the wild in September 2010.

Comment 5 Andy Pettinger 2010-09-28 19:11:57 UTC
Recent Updates
September 27, 2010 — Flash Player "Square" has been updated to include the security enhancements described in Security Bulletin APSB10-22
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2010-10-05 03:11:02 UTC
Hi, lack, ping.

Do you think you may have time to create a new ebuild for this?

Copying adobe-flash-10.1.82.76-r1.ebuild to adobe-flash-10.1.85.3.ebuild was sufficient on my machine (amd64) to perform the upgrade.

Thanks!
Comment 7 Jim Ramsay (lack) (RETIRED) gentoo-dev 2010-10-13 01:41:23 UTC
Sorry, sleeping at the switch :)

The good news is that the updated "square" release from Sept 27 was already in the tree, and I hope most people are using that anyway, since it has a native 64-bit version again.

But I have now bumped both the legacy version
  adobe-flash-9.0.283.0.ebuild
And the official release
  adobe-flash-10.1.85.3
To complete our fix for this security vulnerability.

Security team: Please feel free to request stable keywords for adobe-flash-10.1.85.3 at your convenience, no need to wait for any large amount of time for a binary bump like this.  Also, don't bother stabilizing 9.0.283.0, it can stay in testing.

Until the next time...
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2010-10-13 02:53:02 UTC
Thanks, Jim.

Arches, please test and mark stable:
=www-plugins/adobe-flash-10.1.85.3
Target keywords : "amd64 x86"
Comment 9 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-10-13 06:44:02 UTC
x86 stable
Comment 10 Markos Chandras (RETIRED) gentoo-dev 2010-10-13 11:29:47 UTC
amd64 done
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2010-10-13 13:43:54 UTC
Thanks, folks.

GLSA with bugs 332205 and 322855.
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2011-01-21 17:20:52 UTC
This is GLSA 201101-09; thank you.