Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 567838 - <www-plugins/adobe-flash- Multiple vulnerabilities (CVE-2015-{8045,8047-8050,8055-8071,8401-8455})
Summary: <www-plugins/adobe-flash- Multiple vulnerabilities (CVE-2015-{80...
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on:
Reported: 2015-12-09 11:49 UTC by Markus Lohse
Modified: 2016-01-26 20:21 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Markus Lohse 2015-12-09 11:49:04 UTC
Details see:

New Version ( available here:
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-12-09 12:53:44 UTC
Security updates available for Adobe Flash Player

Release date: December 8, 2015

Last updated: December 8, 2015

Vulnerability identifier: APSB15-32

Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player by visiting the Adobe Flash Player Download Center.

Vulnerability Details

    These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-8438, CVE-2015-8446).
    These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417, CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8455, CVE-2015-8045, CVE-2015-8418, CVE-2015-8060, CVE-2015-8419, CVE-2015-8408).
    These updates resolve security bypass vulnerabilities (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409).
    These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-8407).
    These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8439).
    These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8445).
    These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-8415)
    These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437, CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436, CVE-2015-8452, CVE-2015-8048, CVE-2015-8413, CVE-2015-8412, CVE-2015-8410, CVE-2015-8411, CVE-2015-8424, CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423, CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426, CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8434, CVE-2015-8435, CVE-2015-8414, CVE-2015-8454, CVE-2015-8059, CVE-2015-8058, CVE-2015-8055, CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067, CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065, CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402, CVE-2015-8403, CVE-2015-8071, CVE-2015-8401, CVE-2015-8406, CVE-2015-8069, CVE-2015-8070, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447).
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2015-12-09 13:05:36 UTC
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : amd64 x86
Comment 3 Agostino Sarubbo gentoo-dev 2015-12-09 13:28:41 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2015-12-09 13:29:05 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2015-12-31 05:43:10 UTC
Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.

Adding for Completeness:
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-01-26 20:21:24 UTC
This issue was resolved and addressed in
 GLSA 201601-03 at
by GLSA coordinator Kristian Fiskerstrand (K_F).