Summary: | <www-plugins/adobe-flash-11.2.202.235: object confusion remote code execution vulnerability (CVE-2012-0779) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | desktop-misc, lack |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.adobe.com/support/security/bulletins/apsb12-09.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2012-05-04 14:41:03 UTC
Just bumped flash to 11.2.202.235. As usual, stabilize any time. Thanks, Jim. Arches, please test and mark stable: =www-plugins/adobe-flash-11.2.202.235 Target keywords : "amd64 x86" amd64: pass amd64 done. Thanks Elijah I'm can't see problems for x86, tried run under firefox and chromium: all well. Please mark stable. x86 stable, thanks Mikle. CVE-2012-0779 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779): Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012. Thanks, folks. Already in GLSA request. This issue was resolved and addressed in GLSA 201206-21 at http://security.gentoo.org/glsa/glsa-201206-21.xml by GLSA coordinator Sean Amoss (ackle). |