From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200908-04.xml | 112 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 metadata/glsa/glsa-200908-04.xml (limited to 'metadata/glsa/glsa-200908-04.xml') diff --git a/metadata/glsa/glsa-200908-04.xml b/metadata/glsa/glsa-200908-04.xml new file mode 100644 index 000000000000..f067525e6bb1 --- /dev/null +++ b/metadata/glsa/glsa-200908-04.xml @@ -0,0 +1,112 @@ + + + + Adobe products: Multiple vulnerabilities + + Multiple vulnerabilities in Adobe Reader and Adobe Flash Player allow for + attacks including the remote execution of arbitrary code. + + adobe-flash acroread + 2009-08-07 + 2009-08-07: 01 + 278813 + 278819 + remote + + + 10.0.32.18 + 10.0.32.18 + + + 9.1.3 + 9.1.3 + + + +

+ Adobe Flash Player is a closed-source playback software for Flash SWF + files. Adobe Reader is a closed-source PDF reader that plays Flash + content as well. +

+
+ +

+ Multiple vulnerabilities have been reported in Adobe Flash Player: +

+
    +
  • lakehu of Tencent Security Center reported an unspecified + memory corruption vulnerability (CVE-2009-1862).
  • +
  • Mike Wroe + reported an unspecified vulnerability, related to "privilege + escalation" (CVE-2009-1863).
  • +
  • An anonymous researcher through + iDefense reported an unspecified heap-based buffer overflow + (CVE-2009-1864).
  • +
  • Chen Chen of Venustech reported an + unspecified "null pointer vulnerability" (CVE-2009-1865).
  • +
  • Chen + Chen of Venustech reported an unspecified stack-based buffer overflow + (CVE-2009-1866).
  • +
  • Joran Benker reported that Adobe Flash Player + facilitates "clickjacking" attacks (CVE-2009-1867).
  • +
  • Jun Mao of + iDefense reported a heap-based buffer overflow, related to URL parsing + (CVE-2009-1868).
  • +
  • Roee Hay of IBM Rational Application Security + reported an unspecified integer overflow (CVE-2009-1869).
  • +
  • Gareth Heyes and Microsoft Vulnerability Research reported that the + sandbox in Adobe Flash Player allows for information disclosure, when + "SWFs are saved to the hard drive" (CVE-2009-1870).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted PDF + file or web site containing Adobe Flash (SWF) contents, possibly + resulting in the execution of arbitrary code with the privileges of the + user running the application, or a Denial of Service (application + crash). Furthermore, a remote attacker could trick a user into clicking + a button on a dialog by supplying a specially crafted SWF file and + disclose sensitive information by exploiting a sandbox issue. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All Adobe Flash Player users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.0.32.18" +

+ All Adobe Reader users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/acroread-9.1.3" +
+ + CVE-2009-1862 + CVE-2009-1863 + CVE-2009-1864 + CVE-2009-1865 + CVE-2009-1866 + CVE-2009-1867 + CVE-2009-1868 + CVE-2009-1869 + CVE-2009-1870 + + + a3li + + + a3li + + + a3li + +
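Review bot: The description section covers only half of what the advisory asks users to act on. Its sole lead-in is "Multiple vulnerabilities have been reported in Adobe Flash Player:" and all nine entries are Flash Player findings, yet the synopsis also names Adobe Reader and the resolution tells acroread users to upgrade to 9.1.3. The only link between the two is the background remark that Adobe Reader "plays Flash content as well". Suggest adding a sentence to the description stating that Adobe Reader is affected through its Flash handling, and which of CVE-2009-1862 through CVE-2009-1870 apply to it, so that an administrator with acroread installed but not adobe-flash can judge how urgent the upgrade is. Separately, the commit subject "reinit the tree, so we can have metadata" says nothing about this advisory; a line on where the GLSA text was imported from would make the new file easier to verify.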
-- cgit v1.2.3