Bug 529088 (CVE-2014-0573) - <www-plugins/adobe-flash-11.2.202.418 - multiple vulnerabilities (CVE-2014-{0573,0574,0576,0577,0581,0582,0583,0584,0585,0586,0588,0589,0590,8437,8438,8440,8441,8442})
Status: RESOLVED FIXED
Alias: CVE-2014-0573
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://helpx.adobe.com/security/produ...
Whiteboard: A2 [glsa]
Reported: 2014-11-12 20:11 UTC by Jeroen Roovers (RETIRED)
Modified: 2014-11-21 12:35 UTC
Description Jeroen Roovers (RETIRED) gentoo-dev 2014-11-12 20:11:14 UTC
CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441, CVE-2014-8442
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2014-11-12 20:14:49 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.418
Targeted stable KEYWORDS : amd64 x86
Comment 2 Agostino Sarubbo gentoo-dev 2014-11-13 09:51:57 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2014-11-13 09:52:39 UTC
x86 stable.

Maintainer(s), please clean up.
Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-11-16 14:56:45 UTC
New GLSA request filed
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-11-16 14:58:54 UTC
Changing whiteboard to reflect that cleanup was done on
13 Nov 2014 by Jeroen Roovers <jer@gentoo.org>

Thanks!
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-11-16 15:06:18 UTC
CVE-2014-8441 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8441):
  Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on
  Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before
  15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler
  before 15.0.0.356 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440.

CVE-2014-8440 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8440):
  Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on
  Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before
  15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler
  before 15.0.0.356 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441.

CVE-2014-8438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8438):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and
  14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418
  on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and
  Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2014-0573 and CVE-2014-0588.

CVE-2014-0590 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0590):
  Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on
  Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before
  15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler
  before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2014-0577,
  CVE-2014-0584, CVE-2014-0585, and CVE-2014-0586.

CVE-2014-0589 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0589):
  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x
  and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on
  Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and
  Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2014-0582.

CVE-2014-0588 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0588):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and
  14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418
  on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and
  Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2014-0573 and CVE-2014-8438.

CVE-2014-0586 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0586):
  Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on
  Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before
  15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler
  before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2014-0577,
  CVE-2014-0584, CVE-2014-0585, and CVE-2014-0590.

CVE-2014-0585 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0585):
  Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on
  Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before
  15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler
  before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2014-0577,
  CVE-2014-0584, CVE-2014-0586, and CVE-2014-0590.

CVE-2014-0584 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0584):
  Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on
  Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before
  15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler
  before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2014-0577,
  CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590.

CVE-2014-0583 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0583):
  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x
  and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on
  Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and
  Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to complete a
  transition from Low Integrity to Medium Integrity via unspecified vectors.

CVE-2014-0582 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0582):
  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x
  and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on
  Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and
  Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2014-0589.

CVE-2014-0581 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0581):
  Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on
  Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before
  15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler
  before 15.0.0.356 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2014-0576, CVE-2014-8440, and CVE-2014-8441.

CVE-2014-0577 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0577):
  Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on
  Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before
  15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler
  before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion," a different vulnerability than CVE-2014-0584,
  CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590.

CVE-2014-0576 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0576):
  Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on
  Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before
  15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler
  before 15.0.0.356 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2014-0581, CVE-2014-8440, and CVE-2014-8441.

CVE-2014-0574 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0574):
  Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x
  and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on
  Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and
  Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute
  arbitrary code via unspecified vectors.

CVE-2014-0573 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0573):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and
  14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418
  on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and
  Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2014-0588 and CVE-2014-8438.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-11-21 12:35:27 UTC
This issue was resolved and addressed in GLSA 201411-06 at http://security.gentoo.org/glsa/glsa-201411-06.xml by GLSA coordinator Kristian Fiskerstrand (K_F).