Bug 552946 (CVE-2015-3113) - <www-plugins/adobe-flash-11.2.202.468 - heap buffer overflow (CVE-2015-3113)
Summary: <www-plugins/adobe-flash-11.2.202.468 - heap buffer overflow (CVE-2015-3113)
Status: RESOLVED FIXED
Alias: CVE-2015-3113
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-23 17:54 UTC by rypervenche
Modified: 2015-07-10 12:56 UTC

See Also:
Package list:
Runtime testing required: ---


Description rypervenche 2015-06-23 17:54:18 UTC
It looks as though there is a security vulnerability in this version.

CVE-2015-3113:
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html

I believe simply changing the version number will work for this :)
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2015-06-24 04:24:05 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.468
Targeted stable KEYWORDS : amd64 x86
Comment 2 Agostino Sarubbo gentoo-dev 2015-06-26 08:06:20 UTC
x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-06-26 08:06:46 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2015-06-30 00:11:14 UTC
CVE-2015-3113 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3113):
  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x
  through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468
  on Linux allows remote attackers to execute arbitrary code via unspecified
  vectors, as exploited in the wild in June 2015.
Comment 5 Sergey Popov gentoo-dev 2015-07-01 09:46:12 UTC
Cleanup was done by maintainer

GLSA request filed
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2015-07-10 12:56:48 UTC
This issue was resolved and addressed in
 GLSA 201507-13 at https://security.gentoo.org/glsa/201507-13
by GLSA coordinator Kristian Fiskerstrand (K_F).