[gentoo-announce] [ GLSA 201603-07 ] Adobe Flash Player: Multiple vulnerabilities

news · March 12, 2016

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 201603-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

https://security.gentoo.org/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal

Title: Adobe Flash Player: Multiple vulnerabilities

Date: March 12, 2016

Bugs: #574284, #576980

ID: 201603-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis

========

Multiple vulnerabilities have been found in Adobe Flash Player, the

worst of which allows remote attackers to execute arbitrary code.

Background

==========

The Adobe Flash Player is a renderer for the SWF file format, which is

commonly used to provide interactive websites.

Affected packages

=================

-------------------------------------------------------------------

Package / Vulnerable / Unaffected

-------------------------------------------------------------------

1 www-plugins/adobe-flash < 11.2.202.577 >= 11.2.202.577

Description

===========

Multiple vulnerabilities have been discovered in Adobe Flash Player.

Please review the CVE identifiers referenced below for details.

Impact

======

A remote attacker could possibly execute arbitrary code with the

privileges of the process, cause a Denial of Service condition, obtain

sensitive information, or bypass security restrictions.

Workaround

==========

There is no known workaround at this time.

Resolution

==========

All Adobe Flash Player users should upgrade to the latest version:

# emerge --sync

# emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.577"

References

==========

[ 1 ] CVE-2016-0960

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0960

[ 2 ] CVE-2016-0961

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0961

[ 3 ] CVE-2016-0962

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0962

[ 4 ] CVE-2016-0963

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0963

[ 5 ] CVE-2016-0964

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0964

[ 6 ] CVE-2016-0965

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0965

[ 7 ] CVE-2016-0966

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0966

[ 8 ] CVE-2016-0967

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0967

[ 9 ] CVE-2016-0968

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0968

[ 10 ] CVE-2016-0969

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0969

[ 11 ] CVE-2016-0970

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0970

[ 12 ] CVE-2016-0971

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0971

[ 13 ] CVE-2016-0972

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0972

[ 14 ] CVE-2016-0973

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0973

[ 15 ] CVE-2016-0974

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0974

[ 16 ] CVE-2016-0975

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0975

[ 17 ] CVE-2016-0976

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0976

[ 18 ] CVE-2016-0977

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0977

[ 19 ] CVE-2016-0978

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0978

[ 20 ] CVE-2016-0979

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0979

[ 21 ] CVE-2016-0980

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0980

[ 22 ] CVE-2016-0981

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0981

[ 23 ] CVE-2016-0982

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0982

[ 24 ] CVE-2016-0983

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0983

[ 25 ] CVE-2016-0984

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0984

[ 26 ] CVE-2016-0985

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0985

[ 27 ] CVE-2016-0986

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0986

[ 28 ] CVE-2016-0987

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0987

[ 29 ] CVE-2016-0988

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0988

[ 30 ] CVE-2016-0989

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0989

[ 31 ] CVE-2016-0990

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0990

[ 32 ] CVE-2016-0991

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0991

[ 33 ] CVE-2016-0992

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0992

[ 34 ] CVE-2016-0993

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0993

[ 35 ] CVE-2016-0994

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0994

[ 36 ] CVE-2016-0995

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0995

[ 37 ] CVE-2016-0996

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0996

[ 38 ] CVE-2016-0997

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0997

[ 39 ] CVE-2016-0998

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0998

[ 40 ] CVE-2016-0999

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0999

[ 41 ] CVE-2016-1000

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1000

[ 42 ] CVE-2016-1001

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1001

[ 43 ] CVE-2016-1002

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1002

[ 44 ] CVE-2016-1005

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1005

[ 45 ] CVE-2016-1010

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1010

Availability

============

This GLSA and any updates to it are available for viewing at

the Gentoo Security Website:

https://security.gentoo.org/glsa/201603-07

Concerns?

=========

Security is a primary focus of Gentoo Linux and ensuring the

confidentiality and security of our users' machines is of utmost

importance to us. Any security concerns should be addressed to

security ( -at -) gentoo.org or alternatively, you may file a bug at

https://bugs.gentoo.org.

License

=======

belongs to its owner(s).

The contents of this document are licensed under the

Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Sign In

[gentoo-announce] [ GLSA 201603-07 ] Adobe Flash Player: Multiple vulnerabilities

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity