Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 532074 (CVE-2014-0580)

Summary: <www-plugins/adobe-flash-11.2.202.425 - multiple vulnerabilities (CVE-2014-{0580,0587,8443,9162,9163,9164})
Product: Gentoo Security Reporter: Jeroen Roovers (RETIRED) <jer>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: desktop-misc
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://helpx.adobe.com/security/products/flash-player/apsb14-27.html
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 530692    

Description Jeroen Roovers (RETIRED) gentoo-dev 2014-12-09 19:47:40 UTC 
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.425
Targeted stable KEYWORDS : amd64 x86
Comment 1 Agostino Sarubbo gentoo-dev 2014-12-09 21:37:05 UTC 
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2014-12-09 21:37:19 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-12-10 08:34:22 UTC 
GLSA draft created
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-12-10 11:38:19 UTC 
Cleanup done by Jer.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-12-11 06:57:50 UTC 
CVE-2014-8443 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8443):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 and
  14.x through 16.x before 16.0.0.235 on Windows and OS X and before
  11.2.202.425 on Linux allows attackers to execute arbitrary code via
  unspecified vectors.

CVE-2014-9163 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9163):
  Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x
  and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on
  Linux allows attackers to execute arbitrary code via unspecified vectors, as
  exploited in the wild in December 2014.

CVE-2014-9164 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9164):
  Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235
  on Windows and OS X and before 11.2.202.425 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2014-0587.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-12-11 07:00:26 UTC 
This issue was resolved and addressed in
 GLSA 201412-07 at http://security.gentoo.org/glsa/glsa-201412-07.xml
by GLSA coordinator Sergey Popov (pinkbyte).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-12-28 22:46:36 UTC 
CVE-2014-0587 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0587):
  Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235
  on Windows and OS X and before 11.2.202.425 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2014-9164.

CVE-2014-0580 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0580):
  Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235
  on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers
  to bypass the Same Origin Policy via unspecified vectors.