Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 525430 (CVE-2014-0558)

Summary: <www-plugins/adobe-flash-11.2.202.411: multiple vulnerabilities (CVE-2014-{0558,0564,0569})
Product: Gentoo Security Reporter: Matt <jackdachef>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: jer
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Matt 2014-10-14 19:16:21 UTC
Security updates available for Adobe Flash Player
Release date: October 14, 2014

Vulnerability identifier: APSB14-22

Priority: See table below

CVE number: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569

Platform: All Platforms


http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
http://www.mail-archive.com/precise-changes@lists.ubuntu.com/msg22750.html
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2014-10-15 08:03:03 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.411
Targeted stable KEYWORDS : amd64 x86
Comment 2 Agostino Sarubbo gentoo-dev 2014-10-15 19:02:49 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2014-10-15 19:03:48 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-11-05 21:47:50 UTC
CVE-2014-0569 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0569):
  Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x
  before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux,
  Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR
  SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code
  via unspecified vectors.

CVE-2014-0564 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0564):
  Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on
  Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before
  15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler
  before 15.0.0.302 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2014-0558.

CVE-2014-0558 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0558):
  Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on
  Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before
  15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler
  before 15.0.0.302 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2014-0564.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2014-11-05 21:53:05 UTC
Arches and Maintainer(s), Thank you for your work.

Added to an existing GLSA request.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-11-21 12:35:20 UTC
This issue was resolved and addressed in
 GLSA 201411-06 at http://security.gentoo.org/glsa/glsa-201411-06.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).