Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 500313 (CVE-2014-0497) - <www-plugins/adobe-flash-11.2.202.336 - Arbitrary code execution via integer underflow (CVE-2014-0497)
Summary: <www-plugins/adobe-flash-11.2.202.336 - Arbitrary code execution via integer ...
Status: RESOLVED FIXED
Alias: CVE-2014-0497
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://helpx.adobe.com/security/produ...
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-04 21:56 UTC by Jeroen Roovers (RETIRED)
Modified: 2014-02-06 11:37 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2014-02-04 21:56:28 UTC
"Adobe has released security updates for Adobe Flash Player 12.0.0.43 and
    earlier versions for Windows and Macintosh and Adobe Flash Player
    11.2.202.335 and earlier versions for Linux. These updates address a critical
    vulnerability that could potentially allow an attacker to remotely take
    control of the affected system."
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2014-02-04 21:59:10 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.336
Targeted stable KEYWORDS : amd64 x86
Comment 2 Agostino Sarubbo gentoo-dev 2014-02-06 06:05:22 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2014-02-06 06:05:41 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-02-06 10:39:54 UTC
CVE-2014-0497 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0497):
  Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x
  through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before
  11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via
  unspecified vectors.
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-02-06 10:45:29 UTC
Added to existing glsa draft.
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-02-06 10:46:36 UTC
Cleanup done by jer
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-02-06 11:37:33 UTC
This issue was resolved and addressed in
 GLSA 201402-06 at http://security.gentoo.org/glsa/glsa-201402-06.xml
by GLSA coordinator Mikle Kolyada (Zlogene).