Bug 557342 (CVE-2015-3107)

Summary: <www-plugins/adobe-flash-11.2.202.508: multiple vulnerabilities (CVE-2015-{3107,5124,5125,5127,5128,5129,5130,5131,5132,5133,5134,5539,5540,5541,5544,5545,5546,5547,5548,5549,5550,5551,5552,5553,5554,5555,5556,5557,5558,5559,5560,5561,5562,5563,5564})
Product: Gentoo Security
Reporter: Jeroen Roovers (RETIRED) <jer>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://helpx.adobe.com/security/products/flash-player/apsb15-19.html
Whiteboard: B2 [glsa cve]
Package list:
Runtime testing required: ---

Description Jeroen Roovers (RETIRED) gentoo-dev 2015-08-12 05:25:17 UTC
CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564

Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.508
Targeted stable KEYWORDS : amd64 x86

Comment 1 Agostino Sarubbo gentoo-dev 2015-08-12 08:10:59 UTC
amd64 stable

Comment 2 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-08-12 11:13:50 UTC
x86 stable.

Please clean up!

Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2015-08-15 04:42:45 UTC
Arches and Maintainer(s), thank you for your work.
Added to an existing GLSA Request.

Also the following was added to the URL above, adjusting accordingly:
August 12, 2015: Added a reference to CVE-2015-5565, a use-after-free issue similar to CVE-2015-3107.  A fix for CVE-2015-3107 was introduced in APSB15-11, and has been strengthened in APSB15-19.  Also, removed CVE-2015-5128, which was previously assessed to be a Type Confusion issue and has been re-classified as a non-exploitable crash due to a null pointer exception.

Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2015-08-15 12:00:42 UTC
This issue was resolved and addressed in
 GLSA 201508-01 at https://security.gentoo.org/glsa/201508-01
by GLSA coordinator Yury German (BlueKnight).