Bug 567838 - <www-plugins/adobe-flash-11.2.202.554: Multiple vulnerabilities (CVE-2015-{8045,8047-8050,8055-8071,8401-8455})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-12-09 11:49 UTC by Markus Lohse
Modified: 2016-01-26 20:21 UTC

See Also:
Package list:
Runtime testing required: ---


Description Markus Lohse 2015-12-09 11:49:04 UTC
Details see: https://helpx.adobe.com/security/products/flash-player/apsb15-32.html

New Version (11.2.202.554) available here:
http://www.adobe.com/uk/products/flashplayer/distribution3.html
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-12-09 12:53:44 UTC
Security updates available for Adobe Flash Player

Release date: December 8, 2015

Last updated: December 8, 2015

Vulnerability identifier: APSB15-32

Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.554 by visiting the Adobe Flash Player Download Center.

Vulnerability Details

    These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-8438, CVE-2015-8446).
    These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417, CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8455, CVE-2015-8045, CVE-2015-8418, CVE-2015-8060, CVE-2015-8419, CVE-2015-8408).
    These updates resolve security bypass vulnerabilities (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409).
    These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-8407).
    These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8439).
    These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8445).
    These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-8415).
    These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437, CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436, CVE-2015-8452, CVE-2015-8048, CVE-2015-8413, CVE-2015-8412, CVE-2015-8410, CVE-2015-8411, CVE-2015-8424, CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423, CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426, CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8434, CVE-2015-8435, CVE-2015-8414, CVE-2015-8454, CVE-2015-8059, CVE-2015-8058, CVE-2015-8055, CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067, CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065, CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402, CVE-2015-8403, CVE-2015-8071, CVE-2015-8401, CVE-2015-8406, CVE-2015-8069, CVE-2015-8070, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447).
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2015-12-09 13:05:36 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.554
Targeted stable KEYWORDS : amd64 x86
Comment 3 Agostino Sarubbo gentoo-dev 2015-12-09 13:28:41 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2015-12-09 13:29:05 UTC
x86 stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2015-12-31 05:43:10 UTC
Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.

Adding for Completeness:
(CVE-2015-{8045,8047,8048,8049,8050,8055,8056,8057,8058,8059,8060,8061,8062,8063,8064,8065,8066,8067,8068,8069,8070,8071,8401,8402,8403,8404,8405,8406,8407,8408,8409,8410,8411,8412,8413,8414,8415,8416,8417,8418,8419,8420,8421,8422,8423,8424,8425,8426,8427,8428,8429,8430,8431,8432,8433,8434,8435,8436,8437,8438,8439,8440,8441,8442,8443,8444,8445,8446,8447,8448,8449,8450,8451,8452,8453,8454,8455})
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-01-26 20:21:24 UTC
This issue was resolved and addressed in
 GLSA 201601-03 at https://security.gentoo.org/glsa/201601-03
by GLSA coordinator Kristian Fiskerstrand (K_F).