APSA16-03: Security advisory for Adobe Flash Player Originally posted: June 14, 2016 Summary: A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.
CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171
Arch teams, please test and mark stable: =www-plugins/adobe-flash-11.2.202.626 Targeted stable KEYWORDS : amd64 x86
(In reply to Jeroen Roovers from comment #1) > CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, > CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, > CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, > CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, > CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, > CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, > CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, > CVE-2016-4171 All of these, except CVE-2016-4171, apply to Microsoft IE and Edge browsers.
CVE-2016-4171 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171): Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. CVE-2016-4120 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120): Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.
New GLSA request filed.
amd64 stable
x86 stable. Maintainer(s), please cleanup.
This issue was resolved and addressed in GLSA 201606-08 at https://security.gentoo.org/glsa/201606-08 by GLSA coordinator Kristian Fiskerstrand (K_F).
Reopening for cleanup
Cleanup complete.