Full Disclosure mailing list archives
[ GLSA 201101-09 ] Adobe Flash Player: Multiple vulnerabilities
From: Tim Sammut <underling () gentoo org>
Date: Fri, 21 Jan 2011 09:17:39 -0800
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201101-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: January 21, 2011
Bugs: #307749, #322855, #332205, #337204, #343089
ID: 201101-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in Adobe Flash Player might allow remote
attackers to execute arbitrary code or cause a Denial of Service.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-plugins/adobe-flash < 10.1.102.64 >= 10.1.102.64
Description
===========
Multiple vulnerabilities were discovered in Adobe Flash Player. For
further information please consult the CVE entries and the Adobe
Security Bulletins referenced below.
Impact
======
A remote attacker could entice a user to open a specially crafted SWF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest stable
version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-plugins/adobe-flash-10.1.102.64"
References
==========
[ 1 ] APSB10-06
http://www.adobe.com/support/security/bulletins/apsb10-06.html
[ 2 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 3 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 4 ] APSB10-22
http://www.adobe.com/support/security/bulletins/apsb10-22.html
[ 5 ] APSB10-26
http://www.adobe.com/support/security/bulletins/apsb10-26.html
[ 6 ] CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
[ 7 ] CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
[ 8 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 9 ] CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
[ 10 ] CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
[ 11 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 12 ] CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
[ 13 ] CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
[ 14 ] CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
[ 15 ] CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
[ 16 ] CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
[ 17 ] CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
[ 18 ] CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
[ 19 ] CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
[ 20 ] CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
[ 21 ] CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
[ 22 ] CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
[ 23 ] CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
[ 24 ] CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
[ 25 ] CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
[ 26 ] CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
[ 27 ] CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
[ 28 ] CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
[ 29 ] CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
[ 30 ] CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
[ 31 ] CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
[ 32 ] CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
[ 33 ] CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
[ 34 ] CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
[ 35 ] CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
[ 36 ] CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
[ 37 ] CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
[ 38 ] CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
[ 39 ] CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
[ 40 ] CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
[ 41 ] CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
[ 42 ] CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
[ 43 ] CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
[ 44 ] CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
[ 45 ] CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 46 ] CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
[ 47 ] CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
[ 48 ] CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
[ 49 ] CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
[ 50 ] CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
[ 51 ] CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
[ 52 ] CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
[ 53 ] CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
[ 54 ] CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
[ 55 ] CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
[ 56 ] CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
[ 57 ] CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
[ 58 ] CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
[ 59 ] CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
[ 60 ] CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 61 ] CVE-2010-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [ GLSA 201101-09 ] Adobe Flash Player: Multiple vulnerabilities Tim Sammut (Jan 21)