Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 554220 (CVE-2015-5119) - <www-plugins/adobe-flash-11.2.202.481: use after free / "hackingteam" vuln (CVE-2015-5119)
Summary: <www-plugins/adobe-flash-11.2.202.481: use after free / "hackingteam" vuln (C...
Status: RESOLVED FIXED
Alias: CVE-2015-5119
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa cleanup cve]
Keywords:
Depends on:
Blocks: CVE-2014-0578
  Show dependency tree
 
Reported: 2015-07-08 09:48 UTC by Hanno Böck
Modified: 2015-07-10 12:56 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2015-07-08 09:48:30 UTC
Adobe has released an update for the flash plugin that will fix the bug that came to light in the hackingteam incident. According to the advisory affected are "Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux".

The Download page has the newer version 11.2.202.481 for Linux systems. Please bump.
Comment 2 Jeroen Roovers gentoo-dev 2015-07-08 19:55:01 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.481
Targeted stable KEYWORDS : amd64 x86
Comment 3 Jeroen Roovers gentoo-dev 2015-07-09 05:04:44 UTC
Stable for AMD64 x86.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2015-07-10 08:25:13 UTC
CVE-2015-5119 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5119):
  Use-after-free vulnerability in the ByteArray class in the ActionScript 3
  (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x
  through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on
  Linux allows remote attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via crafted Flash content that overrides a
  ValueOf function, as exploited in the wild in July 2015.
Comment 5 Kristian Fiskerstrand gentoo-dev Security 2015-07-10 08:30:47 UTC
glsa request filed
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2015-07-10 12:56:55 UTC
This issue was resolved and addressed in
 GLSA 201507-13 at https://security.gentoo.org/glsa/201507-13
by GLSA coordinator Kristian Fiskerstrand (K_F).