Bug 510278 (CVE-2014-0510)

Summary: <www-plugins/adobe-flash-11.2.202.359 - multiple vulnerabilities (CVE-2014-{0510,0516,0517,0518,0519,0520})
Product: Gentoo Security
Reporter: Jeroen Roovers <jer>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: desktop-misc
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://helpx.adobe.com/security/products/flash-player/apsb14-14.html
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Jeroen Roovers gentoo-dev 2014-05-14 04:56:36 UTC
"Users of Adobe Flash Player 11.2.202.356 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.359."
Comment 1 Jeroen Roovers gentoo-dev 2014-05-14 05:02:08 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.359
Targeted stable KEYWORDS : amd64 x86
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-05-14 09:27:23 UTC
CVE-2014-0510 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0510):
  Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote
  attackers to execute arbitrary code and bypass a sandbox protection
  mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang
  Chen during a Pwn2Own competition at CanSecWest 2014.
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2014-05-14 09:35:51 UTC
amd64/x86 stable.

@jer, cleanup, please
Comment 4 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2014-05-14 09:40:12 UTC
glsa request filed.
Comment 5 Agostino Sarubbo gentoo-dev 2014-05-14 15:57:30 UTC
> Whiteboard: ?? [cleanup/glsa?] → B2 [cleanup/glsa]

adobe-flash is valuated as A
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-05-16 12:23:59 UTC
CVE-2014-0520 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0520):
  Adobe Flash Player before 13.0.0.214 on Windows and OS X and before
  11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK &
  Compiler before 13.0.0.111 allow attackers to bypass intended access
  restrictions via unspecified vectors, a different vulnerability than
  CVE-2014-0517, CVE-2014-0518, and CVE-2014-0519.

CVE-2014-0519 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0519):
  Adobe Flash Player before 13.0.0.214 on Windows and OS X and before
  11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK &
  Compiler before 13.0.0.111 allow attackers to bypass intended access
  restrictions via unspecified vectors, a different vulnerability than
  CVE-2014-0517, CVE-2014-0518, and CVE-2014-0520.

CVE-2014-0518 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0518):
  Adobe Flash Player before 13.0.0.214 on Windows and OS X and before
  11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK &
  Compiler before 13.0.0.111 allow attackers to bypass intended access
  restrictions via unspecified vectors, a different vulnerability than
  CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520.

CVE-2014-0517 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0517):
  Adobe Flash Player before 13.0.0.214 on Windows and OS X and before
  11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK &
  Compiler before 13.0.0.111 allow attackers to bypass intended access
  restrictions via unspecified vectors, a different vulnerability than
  CVE-2014-0518, CVE-2014-0519, and CVE-2014-0520.

CVE-2014-0516 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0516):
  Adobe Flash Player before 13.0.0.214 on Windows and OS X and before
  11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK &
  Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin
  Policy via unspecified vectors.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-06-10 10:00:41 UTC
This issue was resolved and addressed in
 GLSA 201406-08 at http://security.gentoo.org/glsa/glsa-201406-08.xml
by GLSA coordinator Mikle Kolyada (Zlogene).