Summary: | <www-plugins/adobe-flash-11.2.202.275: multiple vulnerabilities (CVE-2013-{0646,0650,1371,1375}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | shimi <gentoo-bugzilla> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | desktop-misc, lack |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.adobe.com/support/security/bulletins/apsb13-09.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
shimi
2013-03-13 05:00:07 UTC
Arch teams, please test and mark stable: =www-plugins/adobe-flash-11.2.202.275 Stable KEYWORDS : amd64 x86 amd64 stable x86 stable Adding to existing GLSA draft. CVE-2013-1375 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375): Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. CVE-2013-1371 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371): Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. CVE-2013-0650 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650): Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. CVE-2013-0646 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646): Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. This issue was resolved and addressed in GLSA 201309-06 at http://security.gentoo.org/glsa/glsa-201309-06.xml by GLSA coordinator Sean Amoss (ackle). |