Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 407023 (CVE-2012-0768)

Summary: <www-plugins/adobe-flash-11.1.102.63: Multiple vulnerabilities (CVE-2012-0768, CVE-2012-0769)
Product: Gentoo Security Reporter: Tim Sammut (RETIRED) <underling>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: desktop-misc, king.infet, lack
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.adobe.com/support/security/bulletins/apsb12-05.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2012-03-05 21:06:26 UTC 
From $URL:

These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.63. Users of Adobe Flash Player 11.1.115.6 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.7. Users of Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.7.
Comment 1 Tim Harder gentoo-dev 2012-03-06 03:47:36 UTC 
11.1.102.63 added to CVS.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-03-06 03:59:38 UTC 
Great, thank you.

Arches, please test and mark stable:
=www-plugins/adobe-flash-11.1.102.63
Target keywords : "amd64 x86"
Comment 3 Michael Harrison 2012-03-07 11:54:57 UTC 
amd64 ok
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2012-03-07 12:49:30 UTC 
x86: ok
Comment 5 Agostino Sarubbo gentoo-dev 2012-03-07 12:55:35 UTC 
amd64 stable
Comment 6 KinG-InFeT 2012-03-07 15:51:51 UTC 
x86 stable
Comment 7 Samuli Suominen (RETIRED) gentoo-dev 2012-03-07 15:52:49 UTC 
(In reply to comment #6)
> x86 stable

wrong, this is only said *after* you have committed the change in Portage which isn't the case here
Comment 8 Thomas Kahle (RETIRED) gentoo-dev 2012-03-07 16:35:57 UTC 
x86 done
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2012-03-07 16:39:31 UTC 
Thanks for doing this so quickly, everyone. Added to pending GLSA request.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2012-03-09 00:11:57 UTC 
CVE-2012-0769 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769):
  Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on
  Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and
  3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers,
  which allows attackers to obtain sensitive information via unspecified
  vectors.

CVE-2012-0768 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768):
  The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x
  before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before
  11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x
  allows attackers to execute arbitrary code or cause a denial of service
  (memory corruption) via unspecified vectors.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2012-04-17 23:47:13 UTC 
This issue was resolved and addressed in
 GLSA 201204-07 at http://security.gentoo.org/glsa/glsa-201204-07.xml
by GLSA coordinator Sean Amoss (ackle).