Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 532074 (CVE-2014-0580) - <www-plugins/adobe-flash-11.2.202.425 - multiple vulnerabilities (CVE-2014-{0580,0587,8443,9162,9163,9164})
Summary: <www-plugins/adobe-flash-11.2.202.425 - multiple vulnerabilities (CVE-2014-{0...
Status: RESOLVED FIXED
Alias: CVE-2014-0580
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://helpx.adobe.com/security/produ...
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks: CVE-2014-8439
  Show dependency tree
 
Reported: 2014-12-09 19:47 UTC by Jeroen Roovers (RETIRED)
Modified: 2014-12-28 22:46 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2014-12-09 19:47:40 UTC 
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.425
Targeted stable KEYWORDS : amd64 x86
Comment 1 Agostino Sarubbo gentoo-dev 2014-12-09 21:37:05 UTC 
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2014-12-09 21:37:19 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-12-10 08:34:22 UTC 
GLSA draft created
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-12-10 11:38:19 UTC 
Cleanup done by Jer.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-12-11 06:57:50 UTC 
CVE-2014-8443 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8443):
  Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 and
  14.x through 16.x before 16.0.0.235 on Windows and OS X and before
  11.2.202.425 on Linux allows attackers to execute arbitrary code via
  unspecified vectors.

CVE-2014-9163 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9163):
  Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x
  and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on
  Linux allows attackers to execute arbitrary code via unspecified vectors, as
  exploited in the wild in December 2014.

CVE-2014-9164 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9164):
  Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235
  on Windows and OS X and before 11.2.202.425 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2014-0587.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-12-11 07:00:26 UTC 
This issue was resolved and addressed in
 GLSA 201412-07 at http://security.gentoo.org/glsa/glsa-201412-07.xml
by GLSA coordinator Sergey Popov (pinkbyte).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-12-28 22:46:36 UTC 
CVE-2014-0587 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0587):
  Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235
  on Windows and OS X and before 11.2.202.425 on Linux allows attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  unspecified vectors, a different vulnerability than CVE-2014-9164.

CVE-2014-0580 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0580):
  Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235
  on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers
  to bypass the Same Origin Policy via unspecified vectors.