From b38a24c9151fa84e3929ccad231dbcf03c26c6e9 Mon Sep 17 00:00:00 2001 From: Koop Mast Date: Wed, 12 Aug 2015 07:31:35 +0000 Subject: Document newest flash vulnabilities. Also list the c6_64 flash port. --- security/vuxml/vuln.xml | 92 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index ebd74b1779e3..2552bd495576 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,98 @@ Notes: --> + + Adobe Flash Player -- critical vulnerabilities + + + linux-c6-flashplugin + linux-c6_64-flashplugin + 11.2r202.508 + + + linux-f10-flashplugin + 11.2r202.508 + + + + +

Adobe reports:

+
+

Adobe has released security updates for Adobe Flash Player. + These updates address critical vulnerabilities that could + potentially allow an attacker to take control of the affected + system.

+

These updates resolve type confusion vulnerabilities that could + lead to code execution (CVE-2015-5128, CVE-2015-5554, + CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).

+

These updates include further hardening to a mitigation + introduced in version 18.0.0.209 to defend against vector + length corruptions (CVE-2015-5125).

+

These updates resolve use-after-free vulnerabilities that could + lead to code execution (CVE-2015-5550, CVE-2015-5551, + CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, + CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, + CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, + CVE-2015-5564).

+

These updates resolve heap buffer overflow vulnerabilities + that could lead to code execution (CVE-2015-5129, + CVE-2015-5541).

+

These updates resolve buffer overflow vulnerabilities that + could lead to code execution (CVE-2015-5131, CVE-2015-5132, + CVE-2015-5133).

+

These updates resolve memory corruption vulnerabilities that + could lead to code execution (CVE-2015-5544, CVE-2015-5545, + CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, + CVE-2015-5552, CVE-2015-5553).

+

These updates resolve an integer overflow vulnerability that + could lead to code execution (CVE-2015-5560).

+
+ + + + CVE-2015-3107 + CVE-2015-5124 + CVE-2015-5125 + CVE-2015-5127 + CVE-2015-5128 + CVE-2015-5129 + CVE-2015-5130 + CVE-2015-5131 + CVE-2015-5132 + CVE-2015-5133 + CVE-2015-5134 + CVE-2015-5539 + CVE-2015-5540 + CVE-2015-5541 + CVE-2015-5544 + CVE-2015-5545 + CVE-2015-5546 + CVE-2015-5547 + CVE-2015-5548 + CVE-2015-5549 + CVE-2015-5550 + CVE-2015-5551 + CVE-2015-5552 + CVE-2015-5553 + CVE-2015-5554 + CVE-2015-5555 + CVE-2015-5556 + CVE-2015-5557 + CVE-2015-5558 + CVE-2015-5559 + CVE-2015-5560 + CVE-2015-5561 + CVE-2015-5562 + CVE-2015-5563 + CVE-2015-5564 + https://helpx.adobe.com/security/products/flash-player/apsb15-19.html + + + 2015-08-11 + 2015-08-12 + + + libvpx -- multiple buffer overflows -- cgit v1.2.3