Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 579166 (APSA16-01, CVE-2016-1019) - <www-plugins/adobe-flash- Arbitrary code execution vulnerability (CVE-2016-1019)
Summary: <www-plugins/adobe-flash- Arbitrary code execution vulnerability...
Alias: APSA16-01, CVE-2016-1019
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa cve]
Depends on:
Reported: 2016-04-06 14:27 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2016-06-18 23:50 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-04-06 14:27:34 UTC
Security Advisory for Adobe Flash Player

Release date: April 5, 2016

Vulnerability identifier: APSA16-01

CVE number: CVE-2016-1019

Platforms: Windows, Macintosh, Linux and Chrome OS

A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP with Flash Player version and earlier. A mitigation introduced in Flash Player currently prevents exploitation of this vulnerability, protecting users running Flash Player and later.

Adobe is planning to provide a security update to address this vulnerability as early as April 7. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.
Comment 1 Marius Brehler 2016-04-08 16:52:53 UTC
Adobe Flash Player is available:
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2016-04-08 21:32:16 UTC
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : amd64 x86
Comment 3 Agostino Sarubbo gentoo-dev 2016-04-11 10:22:04 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-04-11 10:42:06 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2016-06-17 23:29:07 UTC
Added to existing GLSA.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-06-17 23:29:36 UTC
CVE-2016-1019 (
  Adobe Flash Player and earlier allows remote attackers to cause a
  denial of service (application crash) or possibly execute arbitrary code via
  unspecified vectors, as exploited in the wild in April 2016.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2016-06-18 23:50:58 UTC
This issue was resolved and addressed in
 GLSA 201606-08 at
by GLSA coordinator Kristian Fiskerstrand (K_F).