Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 574284 (APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985) - <www-plugins/adobe-flash-11.2.202.569 : Multiple vulnerabilities (CVE-2016-{0964,0965,0966,0967,0968,0969,0970,0971,0972,0973,0974,0975,0976,0977,0978,0979,0980,0981,0982,0983,0984,0985})
Summary: <www-plugins/adobe-flash-11.2.202.569 : Multiple vulnerabilities (CVE-2016-{0...
Status: RESOLVED FIXED
Alias: APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-09 17:34 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2016-03-12 11:37 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-02-09 17:34:25 UTC
APSB16-04: Security updates available for Adobe Flash Player

Originally posted: February 9, 2016

Summary:
Adobe has released security updates for Adobe Flash Player.  These updates resolve critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe recommends users update their product installations using the instructions provided in the Solution section of the security bulletin. 

Learn more: http://t.info.adobesystems.com//r/?id=tc361a6aa,35b6d6c2,363e4418

Priority and Severity Ratings: 

Adobe categorizes these updates as priority 1.

http://t.info.adobesystems.com//r/?id=tc361a6aa,35b6d6c2,363e4419

#

Product 	Affected Versions 	Platform
Adobe Flash Player for Linux 	11.2.202.559 and earlier 	Linux
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2016-02-09 18:53:29 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.569
Targeted stable KEYWORDS : amd64 x86
Comment 2 Agostino Sarubbo gentoo-dev 2016-02-10 11:59:25 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2016-02-10 11:59:51 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-02-10 22:18:58 UTC
Added new request
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2016-03-11 11:10:35 UTC
CVE-2016-0985 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an
  unspecified "type confusion."

CVE-2016-0984 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984):
  Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and
  19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569
  on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and
  Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and
  CVE-2016-0983.

CVE-2016-0983 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983):
  Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and
  19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569
  on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and
  Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and
  CVE-2016-0984.

CVE-2016-0982 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982):
  Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and
  19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569
  on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and
  Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0983, and
  CVE-2016-0984.

CVE-2016-0981 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,
  CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972,
  CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, and
  CVE-2016-0980.

CVE-2016-0980 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,
  CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972,
  CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, and
  CVE-2016-0981.

CVE-2016-0979 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,
  CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972,
  CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0980, and
  CVE-2016-0981.

CVE-2016-0978 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,
  CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972,
  CVE-2016-0976, CVE-2016-0977, CVE-2016-0979, CVE-2016-0980, and
  CVE-2016-0981.

CVE-2016-0977 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,
  CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972,
  CVE-2016-0976, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and
  CVE-2016-0981.

CVE-2016-0976 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,
  CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972,
  CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and
  CVE-2016-0981.

CVE-2016-0975 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975):
  Use-after-free vulnerability in the instanceof function in Adobe Flash
  Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and
  OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe
  AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260
  allows attackers to execute arbitrary code by leveraging improper reference
  handling, a different vulnerability than CVE-2016-0973, CVE-2016-0974,
  CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984.

CVE-2016-0974 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974):
  Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and
  19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569
  on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and
  Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2016-0973, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and
  CVE-2016-0984.

CVE-2016-0973 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973):
  Use-after-free vulnerability in the URLRequest object implementation in
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allows attackers to execute arbitrary code via a
  URLLoader.load call, a different vulnerability than CVE-2016-0974,
  CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984.

CVE-2016-0972 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,
  CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0976,
  CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and
  CVE-2016-0981.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-03-11 11:11:10 UTC
CVE-2016-0971 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971):
  Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x
  and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on
  Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and
  Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute
  arbitrary code via unspecified vectors.

CVE-2016-0970 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,
  CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0972, CVE-2016-0976,
  CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and
  CVE-2016-0981.

CVE-2016-0969 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,
  CVE-2016-0967, CVE-2016-0968, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,
  CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and
  CVE-2016-0981.

CVE-2016-0968 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,
  CVE-2016-0967, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,
  CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and
  CVE-2016-0981.

CVE-2016-0967 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,
  CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,
  CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and
  CVE-2016-0981.

CVE-2016-0966 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0967,
  CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,
  CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and
  CVE-2016-0981.

CVE-2016-0965 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0964, CVE-2016-0966, CVE-2016-0967,
  CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,
  CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and
  CVE-2016-0981.

CVE-2016-0964 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964):
  Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on
  Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before
  20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler
  before 20.0.0.260 allow attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2016-0965, CVE-2016-0966, CVE-2016-0967,
  CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,
  CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and
  CVE-2016-0981.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 11:37:37 UTC
This issue was resolved and addressed in
 GLSA 201603-07 at https://security.gentoo.org/glsa/201603-07
by GLSA coordinator Kristian Fiskerstrand (K_F).