GLSA 201309-06: Adobe Flash Player: Multiple vulnerabilities

Severity:	normal
Title:	Adobe Flash Player: Multiple vulnerabilities
Date:	09/14/2013
Bugs:	#437808, #442084, #446984, #452104, #456132, #457066, #459368, #461598, #465534, #469870, #473038, #476328, #484512
ID:	201309-06

Synopsis

Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in execution of arbitrary code.

Background

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Affected packages

Package	Vulnerable	Unaffected	Architecture(s)
www-plugins/adobe-flash	< 11.2.202.310	>= 11.2.202.310	All supported architectures

Description

Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions.

Workaround

There is no known workaround at this time.

Resolution

All Adobe Flash Player users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=www-plugins/adobe-flash-11.2.202.310"
    

References

• CVE-2012-5248
• CVE-2012-5249
• CVE-2012-5250
• CVE-2012-5251
• CVE-2012-5252
• CVE-2012-5253
• CVE-2012-5254
• CVE-2012-5255
• CVE-2012-5256
• CVE-2012-5257
• CVE-2012-5258
• CVE-2012-5259
• CVE-2012-5260
• CVE-2012-5261
• CVE-2012-5262
• CVE-2012-5263
• CVE-2012-5264
• CVE-2012-5265
• CVE-2012-5266
• CVE-2012-5267
• CVE-2012-5268
• CVE-2012-5269
• CVE-2012-5270
• CVE-2012-5271
• CVE-2012-5272
• CVE-2012-5274
• CVE-2012-5275
• CVE-2012-5276
• CVE-2012-5277
• CVE-2012-5278
• CVE-2012-5279
• CVE-2012-5280
• CVE-2012-5676
• CVE-2012-5677
• CVE-2012-5678
• CVE-2013-0504
• CVE-2013-0630
• CVE-2013-0633
• CVE-2013-0634
• CVE-2013-0637
• CVE-2013-0638
• CVE-2013-0639
• CVE-2013-0642
• CVE-2013-0643
• CVE-2013-0644
• CVE-2013-0645
• CVE-2013-0646
• CVE-2013-0647
• CVE-2013-0648
• CVE-2013-0649
• CVE-2013-0650
• CVE-2013-1365
• CVE-2013-1366
• CVE-2013-1367
• CVE-2013-1368
• CVE-2013-1369
• CVE-2013-1370
• CVE-2013-1371
• CVE-2013-1372
• CVE-2013-1373
• CVE-2013-1374
• CVE-2013-1375
• CVE-2013-1378
• CVE-2013-1379
• CVE-2013-1380
• CVE-2013-2555
• CVE-2013-2728
• CVE-2013-3343
• CVE-2013-3344
• CVE-2013-3345
• CVE-2013-3347
• CVE-2013-3361
• CVE-2013-3362
• CVE-2013-3363
• CVE-2013-5324

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.