- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201507-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Adobe Flash Player: Multiple vulnerabilities
     Date: July 10, 2015
     Bugs: #552946, #554220, #554250
       ID: 201507-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which allows remote attackers to execute arbitrary code.

Background
=========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-plugins/adobe-flash   < 11.2.202.481         >= 11.2.202.481

Description
==========
Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.

Impact
=====
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.481"

References
=========
[  1 ] CVE-2014-0578
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0578
[  2 ] CVE-2015-3113
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3113
[  3 ] CVE-2015-3114
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3114
[  4 ] CVE-2015-3115
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3115
[  5 ] CVE-2015-3116
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3116
[  6 ] CVE-2015-3117
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3117
[  7 ] CVE-2015-3118
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3118
[  8 ] CVE-2015-3119
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3119
[  9 ] CVE-2015-3120
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3120
[ 10 ] CVE-2015-3121
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3121
[ 11 ] CVE-2015-3122
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3122
[ 12 ] CVE-2015-3123
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3123
[ 13 ] CVE-2015-3124
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3124
[ 14 ] CVE-2015-3125
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3125
[ 15 ] CVE-2015-3126
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3126
[ 16 ] CVE-2015-3127
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3127
[ 17 ] CVE-2015-3128
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3128
[ 18 ] CVE-2015-3129
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3129
[ 19 ] CVE-2015-3130
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3130
[ 20 ] CVE-2015-3131
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3131
[ 21 ] CVE-2015-3132
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3132
[ 22 ] CVE-2015-3133
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3133
[ 23 ] CVE-2015-3134
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3134
[ 24 ] CVE-2015-3135
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3135
[ 25 ] CVE-2015-3136
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3136
[ 26 ] CVE-2015-3137
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3137
[ 27 ] CVE-2015-4428
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4428
[ 28 ] CVE-2015-4429
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4429
[ 29 ] CVE-2015-4430
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4430
[ 30 ] CVE-2015-4431
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4431
[ 31 ] CVE-2015-4432
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4432
[ 32 ] CVE-2015-4433
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4433
[ 33 ] CVE-2015-5116
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5116
[ 34 ] CVE-2015-5117
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5117
[ 35 ] CVE-2015-5118
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5118
[ 36 ] CVE-2015-5119
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5119

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201507-13

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/


Gentoo: GLSA-201507-13: Adobe Flash Player: Multiple vulnerabilities

Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.

Summary

Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.

Resolution

All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.481"

References

[ 1 ] CVE-2014-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0578 [ 2 ] CVE-2015-3113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3113 [ 3 ] CVE-2015-3114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3114 [ 4 ] CVE-2015-3115 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3115 [ 5 ] CVE-2015-3116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3116 [ 6 ] CVE-2015-3117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3117 [ 7 ] CVE-2015-3118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3118 [ 8 ] CVE-2015-3119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3119 [ 9 ] CVE-2015-3120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3120 [ 10 ] CVE-2015-3121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3121 [ 11 ] CVE-2015-3122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3122 [ 12 ] CVE-2015-3123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3123 [ 13 ] CVE-2015-3124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3124 [ 14 ] CVE-2015-3125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3125 [ 15 ] CVE-2015-3126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3126 [ 16 ] CVE-2015-3127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3127 [ 17 ] CVE-2015-3128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3128 [ 18 ] CVE-2015-3129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3129 [ 19 ] CVE-2015-3130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3130 [ 20 ] CVE-2015-3131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3131 [ 21 ] CVE-2015-3132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3132 [ 22 ] CVE-2015-3133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3133 [ 23 ] CVE-2015-3134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3134 [ 24 ] CVE-2015-3135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3135 [ 25 ] CVE-2015-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3136 [ 26 ] CVE-2015-3137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3137 [ 27 ] CVE-2015-4428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4428 [ 28 ] CVE-2015-4429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4429 [ 29 ] CVE-2015-4430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4430 [ 30 ] CVE-2015-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4431 [ 31 ] CVE-2015-4432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4432 [ 32 ] CVE-2015-4433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4433 [ 33 ] CVE-2015-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5116 [ 34 ] CVE-2015-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5117 [ 35 ] CVE-2015-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5118 [ 36 ] CVE-2015-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5119

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201507-13

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: July 10, 2015
Bugs: #552946, #554220, #554250
ID: 201507-13

Synopsis

Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.

Background

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-plugins/adobe-flash < 11.2.202.481 >= 11.2.202.481

Impact

===== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.

Workaround

There is no known workaround at this time.

Related News