Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 386209 - www-plugins/adobe-flash: multiple vulnerabilities (CVE-2011-{2426,2427,2428,2429,2430,2444})
Summary: www-plugins/adobe-flash: multiple vulnerabilities (CVE-2011-{2426,2427,2428,2...
Status: RESOLVED DUPLICATE of bug 384017
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-08 00:48 UTC by GLSAMaker/CVETool Bot
Modified: 2011-10-09 23:46 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 00:48:21 UTC 
CVE-2011-2444 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444):
  Cross-site scripting (XSS) vulnerability in Adobe Flash Player before
  10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7
  on Android, allows remote attackers to inject arbitrary web script or HTML
  via a crafted URL, related to a "universal cross-site scripting issue," as
  exploited in the wild in September 2011.

CVE-2011-2430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430):
  Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and
  Solaris, and before 10.3.186.7 on Android, allows remote attackers to
  execute arbitrary code via crafted streaming media, related to a "logic
  error vulnerability."

CVE-2011-2429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429):
  Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and
  Solaris, and before 10.3.186.7 on Android, allows attackers to bypass
  intended access restrictions and obtain sensitive information via
  unspecified vectors, related to a "security control bypass."

CVE-2011-2428 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428):
  Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and
  Solaris, and before 10.3.186.7 on Android, allows attackers to execute
  arbitrary code or cause a denial of service (browser crash) via unspecified
  vectors, related to a "logic error issue."

CVE-2011-2427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427):
  Stack-based buffer overflow in the ActionScript Virtual Machine (AVM)
  component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X,
  Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to
  execute arbitrary code or cause a denial of service via unspecified vectors.

CVE-2011-2426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426):
  Stack-based buffer overflow in the ActionScript Virtual Machine (AVM)
  component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X,
  Linux, and Solaris, and before 10.3.186.7 on Android, allows remote
  attackers to execute arbitrary code via unspecified vectors.
Comment 1 Jim Ramsay (lack) (RETIRED) gentoo-dev 2011-10-09 23:41:52 UTC 
I believe these have already been addressed - 10.3.183.10 is already in the tree and stable for both amd64 and x86.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-10-09 23:46:24 UTC 
(In reply to comment #1)
> I believe these have already been addressed - 10.3.183.10 is already in the
> tree and stable for both amd64 and x86.

You're correct. Thanks and sorry for the bugspam.

*** This bug has been marked as a duplicate of bug 384017 ***