Summary: | <www-plugins/adobe-flash-11.2.202.228: multiple vulnerabilities (CVE-2012-{0772,0773}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | desktop-misc, krinpaus, lack |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://www.adobe.com/support/security/bulletins/apsb12-07.html | | |
Whiteboard: | B2 [glsa] | | |
Package list: | | Runtime testing required: | --- |

Description
Tim Sammut (RETIRED)
2012-03-28 14:26:38 UTC
Just checked in the new ebuild. As usual, feel free to stabilize as soon as you like.

www-plugins/adobe-flash-11.2.202.223

Update: Turns out the latest version is actually 11.2.102.228. Please stabilize that one instead:

=www-plugins/adobe-flash-11.2.202.228

Great, thank you.

Arches, please test and mark stable:

=www-plugins/adobe-flash-11.2.202.228

Target keywords : "amd64 x86"

amd64 stable

CVE-2012-0773 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773): The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVE-2012-0772 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0772): An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors.

I'm seeing major graphical corruption issues and all YouTube videos have a blue tint under this version of flash with nvidia GTX570 with x11-drivers/nvidia-drivers-290.10. No x86 signoff.

(In reply to comment #6)
> I'm seeing major graphical corruption issues and all YouTube videos have a
> blue tint under this version of flash with nvidia GTX570 with
> x11-drivers/nvidia-drivers-290.10. No x86 signoff.

Adobe know this issue and will not fix it. You have to manually disable hardware acceleration. Also it happens on amd64 too.

See: https://bugbase.adobe.com/index.cfm?event=bug&id=3109467

(In reply to comment #7)
> (In reply to comment #6)
> > I'm seeing major graphical corruption issues and all YouTube videos have a
> > blue tint under this version of flash with nvidia GTX570 with
> > x11-drivers/nvidia-drivers-290.10. No x86 signoff.
>
> Adobe know this issue and will not fix it. You have to manually disable
> hardware acceleration. Also it happens on amd64 too.
>
> See: https://bugbase.adobe.com/index.cfm?event=bug&id=3109467

Somebody wrote a patch for libvdpau_trace which suppresses this issue: http://plagman.net/stuff/0001-vdpau_trace-WAR-Flash-quirks.patch

Also see the first post here: http://www.nvnews.net/vbulletin/showthread.php?t=177380

x86 stable

Thanks, everyone. Already in GLSA request.

This issue was resolved and addressed in GLSA 201204-07 at http://security.gentoo.org/glsa/glsa-201204-07.xml by GLSA coordinator Sean Amoss (ackle).