407023 – (CVE-2012-0768) <www-plugins/adobe-flash-11.1.102.63: Multiple vulnerabilities (CVE-2012-0768, CVE-2012-0769)

Bug 407023 (CVE-2012-0768) - <www-plugins/adobe-flash-11.1.102.63: Multiple vulnerabilities (CVE-2012-0768, CVE-2012-0769)

Summary: <www-plugins/adobe-flash-11.1.102.63: Multiple vulnerabilities (CVE-2012-0768...

Status:	RESOLVED FIXED

Alias:	CVE-2012-0768

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://www.adobe.com/support/securit...
Whiteboard:	B2 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2012-03-05 21:06 UTC by Tim Sammut (RETIRED)
Modified:	2012-04-17 23:47 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Sammut (RETIRED) gentoo-dev

2012-03-05 21:06:26 UTC

From $URL:

These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.63. Users of Adobe Flash Player 11.1.115.6 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.7. Users of Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.7.

Comment 1 Tim Harder gentoo-dev

2012-03-06 03:47:36 UTC

11.1.102.63 added to CVS.

Comment 2 Tim Sammut (RETIRED) gentoo-dev

2012-03-06 03:59:38 UTC

Great, thank you.

Arches, please test and mark stable:
=www-plugins/adobe-flash-11.1.102.63
Target keywords : "amd64 x86"

Comment 3 Michael Harrison 2012-03-07 11:54:57 UTC

amd64 ok

Comment 4 Mikle Kolyada (RETIRED) archtester

2012-03-07 12:49:30 UTC

x86: ok

Comment 5 Agostino Sarubbo gentoo-dev

2012-03-07 12:55:35 UTC

amd64 stable

Comment 6 KinG-InFeT 2012-03-07 15:51:51 UTC

x86 stable

Comment 7 Samuli Suominen (RETIRED) gentoo-dev

2012-03-07 15:52:49 UTC

(In reply to comment #6)
> x86 stable

wrong, this is only said *after* you have committed the change in Portage which isn't the case here

Comment 8 Thomas Kahle (RETIRED) gentoo-dev

2012-03-07 16:35:57 UTC

x86 done

Comment 9 Tim Sammut (RETIRED) gentoo-dev

2012-03-07 16:39:31 UTC

Thanks for doing this so quickly, everyone. Added to pending GLSA request.

Comment 10 GLSAMaker/CVETool Bot gentoo-dev

2012-03-09 00:11:57 UTC

CVE-2012-0769 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769):
  Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on
  Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and
  3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers,
  which allows attackers to obtain sensitive information via unspecified
  vectors.

CVE-2012-0768 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768):
  The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x
  before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before
  11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x
  allows attackers to execute arbitrary code or cause a denial of service
  (memory corruption) via unspecified vectors.

Comment 11 GLSAMaker/CVETool Bot gentoo-dev

2012-04-17 23:47:13 UTC

This issue was resolved and addressed in
 GLSA 201204-07 at http://security.gentoo.org/glsa/glsa-201204-07.xml
by GLSA coordinator Sean Amoss (ackle).