Document 13 Flash vulnerabilities.

Affected: www/linux-*-flashplugin11.
svn path=/head/; revision=389228
2025-01-27 10:03:20 +00:00 · 2015-06-11 15:53:37 +00:00 · 2015-06-11 15:53:37 +00:00 · 353f452b19 · 2021-03-31 03:12:20 +00:00
commit 353f452b19
parent 36e1469aa7
1 changed files with 85 additions and 0 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -57,6 +57,91 @@ Notes:

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="1e63db88-1050-11e5-a4df-c485083ca99c">
+    <topic>Adobe Flash Player -- critical vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>linux-c6-flashplugin11</name>
+	<range><lt>11.2r202.466</lt></range>
+      </package>
+      <package>
+	<name>linux-f10-flashplugin11</name>
+	<range><lt>11.2r202.466</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adobe reports:</p>
+	<blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb15-11.html">
+	  <p>
+	    Adobe has released security updates for Adobe Flash Player for
+	    Windows, Macintosh and Linux.  These updates address vulnerabilities
+	    that could potentially allow an attacker to take control of the
+	    affected system.
+	  </p>
+	  <p>
+	    These updates resolve a vulnerability (CVE-2015-3096) that could be
+	    exploited to bypass the fix for CVE-2014-5333.
+	  </p>
+	  <p>
+	    These updates improve memory address randomization of the Flash heap
+	    for the Window 7 64-bit platform (CVE-2015-3097).
+	  </p>
+	  <p>
+	    These updates resolve vulnerabilities that could be exploited to
+	    bypass the same-origin-policy and lead to information disclosure
+	    (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102).
+	  </p>
+	  <p>
+	    These updates resolve a stack overflow vulnerability that could lead
+	    to code execution (CVE-2015-3100).
+	  </p>
+	  <p>
+	    These updates resolve a permission issue in the Flash broker for
+	    Internet Explorer that could be exploited to perform privilege
+	    escalation from low to medium integrity level (CVE-2015-3101).
+	  </p>
+	  <p>
+	    These updates resolve an integer overflow vulnerability that could
+	    lead to code execution (CVE-2015-3104).
+	  </p>
+	  <p>
+	    These updates resolve a memory corruption vulnerability that could
+	    lead to code execution (CVE-2015-3105).
+	  </p>
+	  <p>
+	    These updates resolve use-after-free vulnerabilities that could lead
+	    to code execution (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107).
+	  </p>
+	  <p>
+	    These updates resolve a memory leak vulnerability that could be used
+	    to bypass ASLR (CVE-2015-3108).
+	  </p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://helpx.adobe.com/security/products/flash-player/apsb15-11.html</url>
+      <cvename>CVE-2015-3096</cvename>
+      <cvename>CVE-2015-3097</cvename>
+      <cvename>CVE-2015-3098</cvename>
+      <cvename>CVE-2015-3099</cvename>
+      <cvename>CVE-2015-3100</cvename>
+      <cvename>CVE-2015-3101</cvename>
+      <cvename>CVE-2015-3102</cvename>
+      <cvename>CVE-2015-3103</cvename>
+      <cvename>CVE-2015-3104</cvename>
+      <cvename>CVE-2015-3105</cvename>
+      <cvename>CVE-2015-3106</cvename>
+      <cvename>CVE-2015-3107</cvename>
+      <cvename>CVE-2015-3108</cvename>
+    </references>
+    <dates>
+      <discovery>2015-06-09</discovery>
+      <entry>2015-06-11</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="10a6d0aa-0b1c-11e5-bb90-002590263bf5">
    <topic>libzmq4 -- V3 protocol handler vulnerable to downgrade attacks</topic>
    <affects>