GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sat May 03, 2014 7:26 pm Post subject: [ GLSA 201405-04 ] Adobe Flash Player: Multiple vulnerabilit |
|
|
Gentoo Linux Security Advisory
Title: Adobe Flash Player: Multiple vulnerabilities (GLSA 201405-04)
Severity: normal
Exploitable: remote
Date: May 03, 2014
Bug(s): #501960, #504286, #507176, #508986
ID: 201405-04
Synopsis
Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which could result in execution of arbitrary code.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Affected Packages
Package: www-plugins/adobe-flash
Vulnerable: < 11.2.202.356
Unaffected: >= 11.2.202.356
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to open a specially crafted SWF
file using Adobe Flash Player, possibly resulting in execution of
arbitrary code with the privileges of the process or a Denial of Service
condition. Furthermore, a remote attacker may be able to bypass the Same
Origin Policy or read the clipboard via unspecified vectors.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-11.2.202.356"
|
References
CVE-2014-0498
CVE-2014-0499
CVE-2014-0502
CVE-2014-0503
CVE-2014-0504
CVE-2014-0506
CVE-2014-0507
CVE-2014-0508
CVE-2014-0509
CVE-2014-0515 |
|