Summary: | <www-plugins/adobe-flash-11.2.202.621 - many vulnerabilities (CVE-2016-{4117,4121,4160,4161,4162,4163}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://helpx.adobe.com/security/products/flash-player/apsa16-02.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Jeroen Roovers (RETIRED)
2016-05-10 18:13:42 UTC
The advisory has not been updated yet, but there is a new version out. Arch teams, please test and mark stable: =www-plugins/adobe-flash-11.2.202.621 Targeted stable KEYWORDS : amd64 x86 amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. Added to existing GLSA. CVE references are for Microsoft IE and Edge implementations. Removing. CVE-2016-4117 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117): Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016. CVE-2016-4121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4121): Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, and CVE-2016-4110. CVE-2016-4163 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4163): Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4162. CVE-2016-4162 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4162): Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4163. CVE-2016-4161 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4161): Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4162, and CVE-2016-4163. CVE-2016-4160 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4160): Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163. This issue was resolved and addressed in GLSA 201606-08 at https://security.gentoo.org/glsa/201606-08 by GLSA coordinator Kristian Fiskerstrand (K_F). |