Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 510278 (CVE-2014-0510) - <www-plugins/adobe-flash-11.2.202.359 - multiple vulnerabilities (CVE-2014-{0510,0516,0517,0518,0519,0520})
Summary: <www-plugins/adobe-flash-11.2.202.359 - multiple vulnerabilities (CVE-2014-{0...
Status: RESOLVED FIXED
Alias: CVE-2014-0510
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://helpx.adobe.com/security/produ...
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-05-14 04:56 UTC by Jeroen Roovers (RETIRED)
Modified: 2014-06-10 10:00 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2014-05-14 04:56:36 UTC
"Users of Adobe Flash Player 11.2.202.356 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.359."
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2014-05-14 05:02:08 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.359
Targeted stable KEYWORDS : amd64 x86
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-05-14 09:27:23 UTC
CVE-2014-0510 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0510):
  Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote
  attackers to execute arbitrary code and bypass a sandbox protection
  mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang
  Chen during a Pwn2Own competition at CanSecWest 2014.
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-05-14 09:35:51 UTC
amd64/x86 stable.

@jer, cleanup, please
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-05-14 09:40:12 UTC
glsa request filed.
Comment 5 Agostino Sarubbo gentoo-dev 2014-05-14 15:57:30 UTC
> Whiteboard: ?? [cleanup/glsa?] → B2 [cleanup/glsa]

adobe-flash is valuated as A
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-05-16 12:23:59 UTC
CVE-2014-0520 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0520):
  Adobe Flash Player before 13.0.0.214 on Windows and OS X and before
  11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK &
  Compiler before 13.0.0.111 allow attackers to bypass intended access
  restrictions via unspecified vectors, a different vulnerability than
  CVE-2014-0517, CVE-2014-0518, and CVE-2014-0519.

CVE-2014-0519 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0519):
  Adobe Flash Player before 13.0.0.214 on Windows and OS X and before
  11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK &
  Compiler before 13.0.0.111 allow attackers to bypass intended access
  restrictions via unspecified vectors, a different vulnerability than
  CVE-2014-0517, CVE-2014-0518, and CVE-2014-0520.

CVE-2014-0518 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0518):
  Adobe Flash Player before 13.0.0.214 on Windows and OS X and before
  11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK &
  Compiler before 13.0.0.111 allow attackers to bypass intended access
  restrictions via unspecified vectors, a different vulnerability than
  CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520.

CVE-2014-0517 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0517):
  Adobe Flash Player before 13.0.0.214 on Windows and OS X and before
  11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK &
  Compiler before 13.0.0.111 allow attackers to bypass intended access
  restrictions via unspecified vectors, a different vulnerability than
  CVE-2014-0518, CVE-2014-0519, and CVE-2014-0520.

CVE-2014-0516 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0516):
  Adobe Flash Player before 13.0.0.214 on Windows and OS X and before
  11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK &
  Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin
  Policy via unspecified vectors.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-06-10 10:00:41 UTC
This issue was resolved and addressed in
 GLSA 201406-08 at http://security.gentoo.org/glsa/glsa-201406-08.xml
by GLSA coordinator Mikle Kolyada (Zlogene).