Security Advisory for Adobe Flash Player

Release date: April 5, 2016
Vulnerability identifier: APSA16-01
CVE number: CVE-2016-1019
Platforms: Windows, Macintosh, Linux and Chrome OS

Summary

A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP with Flash Player version 20.0.0.306 and earlier. A mitigation introduced in Flash Player 21.0.0.182 currently prevents exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later.

Adobe is planning to provide a security update to address this vulnerability as early as April 7. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.
Adobe Flash Player 11.2.202.577 is available: https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.616
Targeted stable KEYWORDS : amd64 x86
amd64 stable
x86 stable. Maintainer(s), please cleanup.
Added to existing GLSA.
CVE-2016-1019 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019): Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.
This issue was resolved and addressed in GLSA 201606-08 at https://security.gentoo.org/glsa/201606-08 by GLSA coordinator Kristian Fiskerstrand (K_F).