Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 554250 (CVE-2014-0578)

Summary: www-plugins/adobe-flash: Multiple vulnerabilities (CVE-2014-0578,CVE-2015-{3097,3114,3115,3116,3117,3118,3119,3120,3121,3122,3123,3124,3125,3126,3127,3128,3129,3130,3131,3132,3133,3134,3135,3136,3137,4428,4429,4430,4431,4432,4433,5116,5117,5118})
Product: Gentoo Security Reporter: Kristian Fiskerstrand (RETIRED) <k_f>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: desktop-misc, jer, loxdegio
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
Whiteboard: A2 [glsa cleanup cve]
Package list:
Runtime testing required: ---
Bug Depends on: 554220    
Bug Blocks:    

Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-07-08 16:57:59 UTC
From ${URL}:


Vulnerability Details

    These updates improve memory address randomization of the Flash heap for the Window 7 64-bit platform (CVE-2015-3097).
    These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118).
    These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431).
    These updates resolve null pointer dereference issues (CVE-2015-3126, CVE-2015-4429).
    These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3114).
    These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433).
    These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119).
    These updates resolve vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116).
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-07-08 17:01:29 UTC
Also CVE-2015-5118, but summary is too long for it

Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.481 by visiting the Adobe Flash Player Download Center.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2015-07-10 08:28:50 UTC
CVE-2015-5118 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5118):
  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x
  through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481
  on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and
  Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2015-3135 and CVE-2015-4432.

CVE-2015-5117 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5117):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137,
  CVE-2015-4428, and CVE-2015-4430.

CVE-2015-5116 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5116):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy
  via unspecified vectors, a different vulnerability than CVE-2014-0578,
  CVE-2015-3115, CVE-2015-3116, and CVE-2015-3125.

CVE-2015-4433 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4433):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2015-3119,
  CVE-2015-3120, CVE-2015-3121, and CVE-2015-3122.

CVE-2015-4432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4432):
  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x
  through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481
  on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and
  Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2015-3135 and CVE-2015-5118.

CVE-2015-4431 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4431):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130,
  CVE-2015-3133, and CVE-2015-3134.

CVE-2015-4430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4430):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137,
  CVE-2015-4428, and CVE-2015-5117.

CVE-2015-4429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4429):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to cause a denial of service (NULL pointer
  dereference) or possibly have unspecified other impact via unknown vectors,
  a different vulnerability than CVE-2015-3126.

CVE-2015-4428 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4428):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3137 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3137):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3136 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3136):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3135 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3135):
  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x
  through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481
  on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and
  Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2015-4432 and CVE-2015-5118.

CVE-2015-3134 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3134):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130,
  CVE-2015-3133, and CVE-2015-4431.

CVE-2015-3133 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3133):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130,
  CVE-2015-3134, and CVE-2015-4431.

CVE-2015-3132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3132):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3131, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2015-07-10 08:29:17 UTC
CVE-2015-3131 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3131):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3129, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3130 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3130):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3133,
  CVE-2015-3134, and CVE-2015-4431.

CVE-2015-3129 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3129):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128,
  CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3128 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3128):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3129,
  CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3127 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3127):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3124, CVE-2015-3128, CVE-2015-3129,
  CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3126 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3126):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to cause a denial of service (NULL pointer
  dereference) or possibly have unspecified other impact via unknown vectors,
  a different vulnerability than CVE-2015-4429.

CVE-2015-3125 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3125):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy
  via unspecified vectors, a different vulnerability than CVE-2014-0578,
  CVE-2015-3115, CVE-2015-3116, and CVE-2015-5116.

CVE-2015-3124 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3124):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3118, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129,
  CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3123 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3123):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3117, CVE-2015-3130, CVE-2015-3133,
  CVE-2015-3134, and CVE-2015-4431.

CVE-2015-3122 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3122):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2015-3119,
  CVE-2015-3120, CVE-2015-3121, and CVE-2015-4433.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2015-07-10 08:29:41 UTC
CVE-2015-3121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3121):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2015-3119,
  CVE-2015-3120, CVE-2015-3122, and CVE-2015-4433.

CVE-2015-3120 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3120):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2015-3119,
  CVE-2015-3121, CVE-2015-3122, and CVE-2015-4433.

CVE-2015-3119 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3119):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2015-3120,
  CVE-2015-3121, CVE-2015-3122, and CVE-2015-4433.

CVE-2015-3118 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3118):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and
  14.x through 18.x before 18.0.0.203 on Windows and OS X and before
  11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before
  18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers
  to execute arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129,
  CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428,
  CVE-2015-4430, and CVE-2015-5117.

CVE-2015-3117 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3117):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2015-3123, CVE-2015-3130, CVE-2015-3133,
  CVE-2015-3134, and CVE-2015-4431.

CVE-2015-3116 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3116):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy
  via unspecified vectors, a different vulnerability than CVE-2014-0578,
  CVE-2015-3115, CVE-2015-3125, and CVE-2015-5116.

CVE-2015-3115 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3115):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy
  via unspecified vectors, a different vulnerability than CVE-2014-0578,
  CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116.

CVE-2015-3114 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3114):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow attackers to bypass intended access restrictions and
  obtain sensitive information via unspecified vectors.

CVE-2014-0578 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0578):
  Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203
  on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before
  18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler
  before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy
  via unspecified vectors, a different vulnerability than CVE-2015-3115,
  CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116.
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-07-10 08:30:21 UTC
new glsa request filed
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2015-07-10 12:57:06 UTC
This issue was resolved and addressed in
 GLSA 201507-13 at https://security.gentoo.org/glsa/201507-13
by GLSA coordinator Kristian Fiskerstrand (K_F).
Comment 7 Alex Legler (RETIRED) archtester gentoo-dev Security 2015-07-11 10:16:16 UTC
*** Bug 554482 has been marked as a duplicate of this bug. ***