svn commit: r389228 - head/security/vuxml
Johannes Jost Meixner
xmj at FreeBSD.org
Thu Jun 11 15:53:38 UTC 2015
Author: xmj
Date: Thu Jun 11 15:53:37 2015
New Revision: 389228
URL: https://svnweb.freebsd.org/changeset/ports/389228
Log:
Document 13 Flash vulnerabilities.
Affected: www/linux-*-flashplugin11.
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Jun 11 15:25:41 2015 (r389227)
+++ head/security/vuxml/vuln.xml Thu Jun 11 15:53:37 2015 (r389228)
@@ -57,6 +57,91 @@ Notes:
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="1e63db88-1050-11e5-a4df-c485083ca99c">
+ <topic>Adobe Flash Player -- critical vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>linux-c6-flashplugin11</name>
+ <range><lt>11.2r202.466</lt></range>
+ </package>
+ <package>
+ <name>linux-f10-flashplugin11</name>
+ <range><lt>11.2r202.466</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb15-11.html">
+ <p>
+ Adobe has released security updates for Adobe Flash Player for
+ Windows, Macintosh and Linux. These updates address vulnerabilities
+ that could potentially allow an attacker to take control of the
+ affected system.
+ </p>
+ <p>
+ These updates resolve a vulnerability (CVE-2015-3096) that could be
+ exploited to bypass the fix for CVE-2014-5333.
+ </p>
+ <p>
+ These updates improve memory address randomization of the Flash heap
+ for the Window 7 64-bit platform (CVE-2015-3097).
+ </p>
+ <p>
+ These updates resolve vulnerabilities that could be exploited to
+ bypass the same-origin-policy and lead to information disclosure
+ (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102).
+ </p>
+ <p>
+ These updates resolve a stack overflow vulnerability that could lead
+ to code execution (CVE-2015-3100).
+ </p>
+ <p>
+ These updates resolve a permission issue in the Flash broker for
+ Internet Explorer that could be exploited to perform privilege
+ escalation from low to medium integrity level (CVE-2015-3101).
+ </p>
+ <p>
+ These updates resolve an integer overflow vulnerability that could
+ lead to code execution (CVE-2015-3104).
+ </p>
+ <p>
+ These updates resolve a memory corruption vulnerability that could
+ lead to code execution (CVE-2015-3105).
+ </p>
+ <p>
+ These updates resolve use-after-free vulnerabilities that could lead
+ to code execution (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107).
+ </p>
+ <p>
+ These updates resolve a memory leak vulnerability that could be used
+ to bypass ASLR (CVE-2015-3108).
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb15-11.html</url>
+ <cvename>CVE-2015-3096</cvename>
+ <cvename>CVE-2015-3097</cvename>
+ <cvename>CVE-2015-3098</cvename>
+ <cvename>CVE-2015-3099</cvename>
+ <cvename>CVE-2015-3100</cvename>
+ <cvename>CVE-2015-3101</cvename>
+ <cvename>CVE-2015-3102</cvename>
+ <cvename>CVE-2015-3103</cvename>
+ <cvename>CVE-2015-3104</cvename>
+ <cvename>CVE-2015-3105</cvename>
+ <cvename>CVE-2015-3106</cvename>
+ <cvename>CVE-2015-3107</cvename>
+ <cvename>CVE-2015-3108</cvename>
+ </references>
+ <dates>
+ <discovery>2015-06-09</discovery>
+ <entry>2015-06-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="10a6d0aa-0b1c-11e5-bb90-002590263bf5">
<topic>libzmq4 -- V3 protocol handler vulnerable to downgrade attacks</topic>
<affects>
More information about the svn-ports-head
mailing list