Gentoo: 201309-06 Adobe Flash Player: Multiple vulnerabilities
Posted by Benjamin D. Thomas   
Gentoo Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201309-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Adobe Flash Player: Multiple vulnerabilities
     Date: September 14, 2013
     Bugs: #437808, #442084, #446984, #452104, #456132, #457066,
           #459368, #461598, #465534, #469870, #473038, #476328, #484512
       ID: 201309-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which could result in execution of arbitrary code.

Background
==========

The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-plugins/adobe-flash   < 11.2.202.310         >= 11.2.202.310

Description
===========

Multiple unspecified vulnerabilities have been discovered in Adobe
Flash Player. Please review the CVE identifiers referenced below for
details.

Impact
======

A remote attacker could entice a user to open specially crafted SWF
content, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to bypass access
restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310"

References
==========

[   1 ] CVE-2012-5248
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[   2 ] CVE-2012-5248
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[   3 ] CVE-2012-5249
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[   4 ] CVE-2012-5249
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[   5 ] CVE-2012-5250
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[   6 ] CVE-2012-5250
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[   7 ] CVE-2012-5251
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[   8 ] CVE-2012-5251
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[   9 ] CVE-2012-5252
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[  10 ] CVE-2012-5252
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[  11 ] CVE-2012-5253
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[  12 ] CVE-2012-5253
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[  13 ] CVE-2012-5254
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[  14 ] CVE-2012-5254
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[  15 ] CVE-2012-5255
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[  16 ] CVE-2012-5255
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[  17 ] CVE-2012-5256
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[  18 ] CVE-2012-5256
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[  19 ] CVE-2012-5257
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[  20 ] CVE-2012-5257
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[  21 ] CVE-2012-5258
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[  22 ] CVE-2012-5258
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[  23 ] CVE-2012-5259
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[  24 ] CVE-2012-5259
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[  25 ] CVE-2012-5260
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[  26 ] CVE-2012-5260
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[  27 ] CVE-2012-5261
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[  28 ] CVE-2012-5261
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[  29 ] CVE-2012-5262
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[  30 ] CVE-2012-5262
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[  31 ] CVE-2012-5263
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[  32 ] CVE-2012-5263
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[  33 ] CVE-2012-5264
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[  34 ] CVE-2012-5264
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[  35 ] CVE-2012-5265
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[  36 ] CVE-2012-5265
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[  37 ] CVE-2012-5266
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[  38 ] CVE-2012-5266
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[  39 ] CVE-2012-5267
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[  40 ] CVE-2012-5267
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[  41 ] CVE-2012-5268
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[  42 ] CVE-2012-5268
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[  43 ] CVE-2012-5269
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[  44 ] CVE-2012-5269
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[  45 ] CVE-2012-5270
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[  46 ] CVE-2012-5270
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[  47 ] CVE-2012-5271
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[  48 ] CVE-2012-5271
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[  49 ] CVE-2012-5272
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[  50 ] CVE-2012-5272
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[  51 ] CVE-2012-5274
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274
[  52 ] CVE-2012-5275
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275
[  53 ] CVE-2012-5276
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276
[  54 ] CVE-2012-5277
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277
[  55 ] CVE-2012-5278
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278
[  56 ] CVE-2012-5279
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279
[  57 ] CVE-2012-5280
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280
[  58 ] CVE-2012-5676
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676
[  59 ] CVE-2012-5677
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677
[  60 ] CVE-2012-5678
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678
[  61 ] CVE-2013-0504
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504
[  62 ] CVE-2013-0630
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630
[  63 ] CVE-2013-0633
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633
[  64 ] CVE-2013-0634
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634
[  65 ] CVE-2013-0637
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637
[  66 ] CVE-2013-0638
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638
[  67 ] CVE-2013-0639
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639
[  68 ] CVE-2013-0642
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642
[  69 ] CVE-2013-0643
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643
[  70 ] CVE-2013-0644
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644
[  71 ] CVE-2013-0645
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645
[  72 ] CVE-2013-0646
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646
[  73 ] CVE-2013-0647
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647
[  74 ] CVE-2013-0648
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648
[  75 ] CVE-2013-0649
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649
[  76 ] CVE-2013-0650
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650
[  77 ] CVE-2013-1365
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365
[  78 ] CVE-2013-1366
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366
[  79 ] CVE-2013-1367
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367
[  80 ] CVE-2013-1368
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368
[  81 ] CVE-2013-1369
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369
[  82 ] CVE-2013-1370
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370
[  83 ] CVE-2013-1371
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371
[  84 ] CVE-2013-1372
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372
[  85 ] CVE-2013-1373
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373
[  86 ] CVE-2013-1374
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374
[  87 ] CVE-2013-1375
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375
[  88 ] CVE-2013-1378
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378
[  89 ] CVE-2013-1379
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379
[  90 ] CVE-2013-1380
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380
[  91 ] CVE-2013-2555
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555
[  92 ] CVE-2013-2728
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728
[  93 ] CVE-2013-3343
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343
[  94 ] CVE-2013-3344
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344
[  95 ] CVE-2013-3345
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345
[  96 ] CVE-2013-3347
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347
[  97 ] CVE-2013-3361
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361
[  98 ] CVE-2013-3362
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362
[  99 ] CVE-2013-3363
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363
[ 100 ] CVE-2013-5324
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201309-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5