Bugzilla – Bug 901334
VUL-0: CVE-2014-0564 CVE-2014-0558 CVE-2014-0569: flash-plugin: multiple code execution flaws (APSB14-22)
Last modified: 2015-04-16 11:05:13 UTC
rh#1152775

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of casi32. The issue lies in the failure to properly sanitize a user-supplied length value with a specific array implementation. An attacker can leverage this vulnerability to execute code within the context of the current process.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1152775
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0569
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0564
http://www.zerodayinitiative.com/advisories/ZDI-14-365/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0558
http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
openSUSE:Factory:NonFree: created obs request id 256734.
openSUSE:Maintenance (12.3, 13.1): created obs maintenance request id 256736.
SUSE:SLE-11-SP1:Update: created ibs request id 45441.
SUSE:SLE-12:Update: created obs maintenance request id 45442.
TODO: Submit for 13.2. It will be done once it is accepted for Factory.
This is an autogenerated message for OBS integration: This bug (901334) was mentioned in https://build.opensuse.org/request/show/256734 Factory:NonFree / flash-player
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-10-27. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/59445
openSUSE-SU-2014:1329-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 901334
CVE References: CVE-2014-0558,CVE-2014-0564,CVE-2014-0569
Sources used:
SUSE-SU-2014:1360-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 901334
CVE References: CVE-2014-0558,CVE-2014-0564,CVE-2014-0569
Sources used: SUSE Linux Enterprise Desktop 11 SP3 (src): flash-player-11.2.202.411-0.3.1
Everything got fixed
SUSE-SU-2014:1423-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 901334
CVE References: CVE-2014-0558,CVE-2014-0564,CVE-2014-0569
Sources used:
openSUSE-SU-2015:0725-1: An update that fixes 45 vulnerabilities is now available.
Category: security (important)
Bug References: 856386,901334,905032,907257,909219,913057,914333,914463,922033,927089
CVE References: CVE-2014-0558,CVE-2014-0564,CVE-2014-0569,CVE-2014-0573,CVE-2014-0574,CVE-2014-0576,CVE-2014-0577,CVE-2014-0581,CVE-2014-0582,CVE-2014-0583,CVE-2014-0584,CVE-2014-0585,CVE-2014-0586,CVE-2014-0588,CVE-2014-0589,CVE-2014-0590,CVE-2014-8437,CVE-2014-8438,CVE-2014-8440,CVE-2014-8441,CVE-2014-8442,CVE-2015-0331,CVE-2015-0332,CVE-2015-0346,CVE-2015-0347,CVE-2015-0348,CVE-2015-0349,CVE-2015-0350,CVE-2015-0351,CVE-2015-0352,CVE-2015-0353,CVE-2015-0354,CVE-2015-0355,CVE-2015-0356,CVE-2015-0357,CVE-2015-0358,CVE-2015-0359,CVE-2015-0360,CVE-2015-3038,CVE-2015-3039,CVE-2015-3040,CVE-2015-3041,CVE-2015-3042,CVE-2015-3043,CVE-2015-3044
Sources used: