Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 537426 (CVE-2015-0311) - <www-plugins/adobe-flash- - remote code execution (CVE-2015-0311)
Summary: <www-plugins/adobe-flash- - remote code execution (CVE-2015-0311)
Alias: CVE-2015-0311
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal critical (vote)
Assignee: Gentoo Security
Whiteboard: A1 [glsa]
Depends on:
Reported: 2015-01-23 09:58 UTC by Chí-Thanh Christopher Nguyễn
Modified: 2015-02-06 19:28 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Chí-Thanh Christopher Nguyễn gentoo-dev 2015-01-23 09:58:20 UTC
Security Advisory for Adobe Flash Player

Release date: January 22, 2015

Vulnerability identifier: APSA15-01

CVE number: CVE-2015-0311

Platform: All Platforms

A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player and earlier versions for Windows, Macintosh and Linux.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below.

Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26.  

Affected software versions

    Adobe Flash Player and earlier versions for Windows and Macintosh
    Adobe Flash Player and earlier 13.x versions
    Adobe Flash Player and earlier versions for Linux

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Severity ratings

Adobe categorizes this as a critical vulnerability.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2015-01-26 08:52:55 UTC
There is a new version out there but versioned tarballs have not yet been made available.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2015-01-26 09:20:02 UTC
Meanwhile, the privileged people at Canonical get early access:
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2015-01-27 08:51:16 UTC
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : amd64 x86
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2015-01-27 08:53:32 UTC
CVE-2015-0311 (
  Unspecified vulnerability in Adobe Flash Player through and 14.x,
  15.x, and 16.x through on Windows and OS X and through on Linux allows remote attackers to execute arbitrary code via
  unknown vectors, as exploited in the wild in January 2015.
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-01-27 10:32:25 UTC
both arches are stable
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-01-27 10:36:31 UTC
Added to existing glsa draft.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2015-02-06 19:28:45 UTC
This issue was resolved and addressed in
 GLSA 201502-02 at
by GLSA coordinator Mikle Kolyada (Zlogene).