Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 452104 (CVE-2013-0630) - <www-plugins/adobe-flash-11.2.202.261 - buffer overflow vulnerability could cause a crash and potentially allow an attacker to take control of the affected system (CVE-2013-0630)
Summary: <www-plugins/adobe-flash-11.2.202.261 - buffer overflow vulnerability could c...
Status: RESOLVED FIXED
Alias: CVE-2013-0630
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.adobe.com/support/securit...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-01-14 20:25 UTC by Jeroen Roovers (RETIRED)
Modified: 2013-09-14 02:54 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2013-01-14 20:25:33 UTC 
"Adobe has released security updates for Adobe Flash Player 11.5.502.135 and
   earlier versions for Windows, Adobe Flash Player 11.5.502.136 and earlier
   versions for Macintosh, Adobe Flash Player 11.2.202.258 and earlier versions
   for Linux, Adobe Flash Player 11.1.115.34 and earlier versions for Android
   4.x, and Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x
   and 2.x. These updates address a vulnerability that could cause a crash and
   potentially allow an attacker to take control of the affected system."

Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.261
Stable KEYWORDS : amd64 x86
Comment 1 Sergey Popov gentoo-dev 2013-01-15 11:08:18 UTC 
amd64 stable
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-01-16 00:21:44 UTC 
CVE-2013-0630 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630):
  Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before
  11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before
  11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before
  11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK
  before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified
  vectors.
Comment 3 Agostino Sarubbo gentoo-dev 2013-01-16 10:37:37 UTC 
x86 stable
Comment 4 Sean Amoss (RETIRED) gentoo-dev Security 2013-01-18 18:58:34 UTC 
Adding to existing GLSA draft.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-09-14 02:54:41 UTC 
This issue was resolved and addressed in
 GLSA 201309-06 at http://security.gentoo.org/glsa/glsa-201309-06.xml
by GLSA coordinator Sean Amoss (ackle).