554250 – (CVE-2014-0578) www-plugins/adobe-flash: Multiple vulnerabilities (CVE-2014-0578,CVE-2015-{3097,3114,3115,3116,3117,3118,3119,3120,3121,3122,3123,3124,3125,3126,3127,3128,3129,3130,3131,3132,3133,3134,3135,3136,3137,4428,4429,4430,4431,4432,4433,5116,5117,5118})

Bug 554250 (CVE-2014-0578) - www-plugins/adobe-flash: Multiple vulnerabilities (CVE-2014-0578,CVE-2015-{3097,3114,3115,3116,3117,3118,3119,3120,3121,3122,3123,3124,3125,3126,3127,3128,3129,3130,3131,3132,3133,3134,3135,3136,3137,4428,4429,4430,4431,4432,4433,5116,5117,5118})

Summary: www-plugins/adobe-flash: Multiple vulnerabilities (CVE-2014-0578,CVE-2015-{30...

Status:	RESOLVED FIXED

Alias:	CVE-2014-0578

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://helpx.adobe.com/security/prod...
Whiteboard:	A2 [glsa cleanup cve]
Keywords:

Duplicates (1):	554482 (view as bug list)
Depends on:	CVE-2015-5119
Blocks:
	Show dependency tree

Reported:	2015-07-08 16:57 UTC by Kristian Fiskerstrand (RETIRED)
Modified:	2015-07-11 10:16 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kristian Fiskerstrand (RETIRED) gentoo-dev

2015-07-08 16:57:59 UTC

From ${URL}:


Vulnerability Details

    These updates improve memory address randomization of the Flash heap for the Window 7 64-bit platform (CVE-2015-3097).
    These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118).
    These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431).
    These updates resolve null pointer dereference issues (CVE-2015-3126, CVE-2015-4429).
    These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3114).
    These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433).
    These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119).
    These updates resolve vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116).

Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev

2015-07-08 17:01:29 UTC

Also CVE-2015-5118, but summary is too long for it

Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.481 by visiting the Adobe Flash Player Download Center.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev

2015-07-10 08:28:50 UTC

CVE-2015-5118 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5118):
  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x
  through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481
  on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and
  Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2015-3135 and CVE-2015-4432.

CVE-2015-5117 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5117):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137,
  CVE-2015-4428, and CVE-2015-4430.

CVE-2015-5116 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5116):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy
  via unspecified vectors, a different vulnerability than CVE-2014-0578,
  CVE-2015-3115, CVE-2015-3116, and CVE-2015-3125.

CVE-2015-4433 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4433):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2015-3119,
  CVE-2015-3120, CVE-2015-3121, and CVE-2015-3122.

CVE-2015-4432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4432):
  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x
  through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481
  on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and
  Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2015-3135 and CVE-2015-5118.

CVE-2015-4431 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4431):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130,
  CVE-2015-3133, and CVE-2015-3134.

CVE-2015-4430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4430):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137,
  CVE-2015-4428, and CVE-2015-5117.

CVE-2015-4429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4429):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to cause a denial of service (NULL pointer
  dereference) or possibly have unspecified other impact via unknown vectors,
  a different vulnerability than CVE-2015-3126.

CVE-2015-4428 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4428):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3137 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3137):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3136 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3136):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3135 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3135):
  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x
  through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481
  on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and
  Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2015-4432 and CVE-2015-5118.

CVE-2015-3134 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3134):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130,
  CVE-2015-3133, and CVE-2015-4431.

CVE-2015-3133 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3133):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130,
  CVE-2015-3134, and CVE-2015-4431.

CVE-2015-3132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3132):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3131, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2015-07-10 08:29:17 UTC

CVE-2015-3131 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3131):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3130 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3130):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3133,
  CVE-2015-3134, and CVE-2015-4431.

CVE-2015-3129 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3129):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3128 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3128):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3129,
  CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3127 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3127):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3128, CVE-2015-3129,
  CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3126 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3126):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to cause a denial of service (NULL pointer
  dereference) or possibly have unspecified other impact via unknown vectors,
  a different vulnerability than CVE-2015-4429.

CVE-2015-3125 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3125):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy
  via unspecified vectors, a different vulnerability than CVE-2014-0578,
  CVE-2015-3115, CVE-2015-3116, and CVE-2015-5116.

CVE-2015-3124 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3124):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129,
  CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3123 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3123):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3117, CVE-2015-3130, CVE-2015-3133,
  CVE-2015-3134, and CVE-2015-4431.

CVE-2015-3122 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3122):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2015-3119,
  CVE-2015-3120, CVE-2015-3121, and CVE-2015-4433.

Comment 4 GLSAMaker/CVETool Bot gentoo-dev

2015-07-10 08:29:41 UTC

CVE-2015-3121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3121):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2015-3119,
  CVE-2015-3120, CVE-2015-3122, and CVE-2015-4433.

CVE-2015-3120 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3120):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2015-3119,
  CVE-2015-3121, CVE-2015-3122, and CVE-2015-4433.

CVE-2015-3119 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3119):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2015-3120,
  CVE-2015-3121, CVE-2015-3122, and CVE-2015-4433.

CVE-2015-3118 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3118):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129,
  CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3117 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3117):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3123, CVE-2015-3130, CVE-2015-3133,
  CVE-2015-3134, and CVE-2015-4431.

CVE-2015-3116 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3116):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy
  via unspecified vectors, a different vulnerability than CVE-2014-0578,
  CVE-2015-3115, CVE-2015-3125, and CVE-2015-5116.

CVE-2015-3115 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3115):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy
  via unspecified vectors, a different vulnerability than CVE-2014-0578,
  CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116.

CVE-2015-3114 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3114):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to bypass intended access restrictions and
  obtain sensitive information via unspecified vectors.

CVE-2014-0578 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0578):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy
  via unspecified vectors, a different vulnerability than CVE-2015-3115,
  CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116.

Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev

2015-07-10 08:30:21 UTC

new glsa request filed

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2015-07-10 12:57:06 UTC

This issue was resolved and addressed in
 GLSA 201507-13 at https://security.gentoo.org/glsa/201507-13
by GLSA coordinator Kristian Fiskerstrand (K_F).

Comment 7 Alex Legler (RETIRED) archtester

2015-07-11 10:16:16 UTC

*** Bug 554482 has been marked as a duplicate of this bug. ***