VARIoT IoT vulnerabilities database
| VAR-201610-0479 | CVE-2016-6957 | Windows and Mac OS X Run on Adobe Reader and Acrobat In JavaScript API Vulnerability that circumvents execution restrictions |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlBy the attacker, JavaScript API Execution restrictions may be avoided. Adobe Acrobat and Reader are prone to a security-bypass vulnerability.
Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0478 | CVE-2016-6956 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019. This vulnerability CVE-2016-6940 , CVE-2016-6941 , CVE-2016-6942 , CVE-2016-6943 , CVE-2016-6947 , CVE-2016-6948 , CVE-2016-6950 , CVE-2016-6951 , CVE-2016-6954 , CVE-2016-6955 , CVE-2016-6959 , CVE-2016-6960 , CVE-2016-6966 , CVE-2016-6970 , CVE-2016-6972 , CVE-2016-6973 , CVE-2016-6974 , CVE-2016-6975 , CVE-2016-6976 , CVE-2016-6977 , CVE-2016-6978 , CVE-2016-6995 , CVE-2016-6996 , CVE-2016-6997 , CVE-2016-6998 , CVE-2016-7000 , CVE-2016-7001 , CVE-2016-7002 , CVE-2016-7003 , CVE-2016-7004 , CVE-2016-7005 , CVE-2016-7006 , CVE-2016-7007 , CVE-2016-7008 , CVE-2016-7009 , CVE-2016-7010 , CVE-2016-7011 , CVE-2016-7012 , CVE-2016-7013 , CVE-2016-7014 , CVE-2016-7015 , CVE-2016-7016 , CVE-2016-7017 , CVE-2016-7018 ,and CVE-2016-7019 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. The title has been changed to better reflect the vulnerability information. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0477 | CVE-2016-6955 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019. This vulnerability CVE-2016-6940 , CVE-2016-6941 , CVE-2016-6942 , CVE-2016-6943 , CVE-2016-6947 , CVE-2016-6948 , CVE-2016-6950 , CVE-2016-6951 , CVE-2016-6954 , CVE-2016-6956 , CVE-2016-6959 , CVE-2016-6960 , CVE-2016-6966 , CVE-2016-6970 , CVE-2016-6972 , CVE-2016-6973 , CVE-2016-6974 , CVE-2016-6975 , CVE-2016-6976 , CVE-2016-6977 , CVE-2016-6978 , CVE-2016-6995 , CVE-2016-6996 , CVE-2016-6997 , CVE-2016-6998 , CVE-2016-7000 , CVE-2016-7001 , CVE-2016-7002 , CVE-2016-7003 , CVE-2016-7004 , CVE-2016-7005 , CVE-2016-7006 , CVE-2016-7007 , CVE-2016-7008 , CVE-2016-7009 , CVE-2016-7010 , CVE-2016-7011 , CVE-2016-7012 , CVE-2016-7013 , CVE-2016-7014 , CVE-2016-7015 , CVE-2016-7016 , CVE-2016-7017 , CVE-2016-7018 ,and CVE-2016-7019 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. The title has been changed to better reflect the vulnerability information. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0476 | CVE-2016-6954 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019. This vulnerability CVE-2016-6940 , CVE-2016-6941 , CVE-2016-6942 , CVE-2016-6943 , CVE-2016-6947 , CVE-2016-6948 , CVE-2016-6950 , CVE-2016-6951 , CVE-2016-6955 , CVE-2016-6956 , CVE-2016-6959 , CVE-2016-6960 , CVE-2016-6966 , CVE-2016-6970 , CVE-2016-6972 , CVE-2016-6973 , CVE-2016-6974 , CVE-2016-6975 , CVE-2016-6976 , CVE-2016-6977 , CVE-2016-6978 , CVE-2016-6995 , CVE-2016-6996 , CVE-2016-6997 , CVE-2016-6998 , CVE-2016-7000 , CVE-2016-7001 , CVE-2016-7002 , CVE-2016-7003 , CVE-2016-7004 , CVE-2016-7005 , CVE-2016-7006 , CVE-2016-7007 , CVE-2016-7008 , CVE-2016-7009 , CVE-2016-7010 , CVE-2016-7011 , CVE-2016-7012 , CVE-2016-7013 , CVE-2016-7014 , CVE-2016-7015 , CVE-2016-7016 , CVE-2016-7017 , CVE-2016-7018 ,and CVE-2016-7019 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. The title has been changed to better reflect the vulnerability information. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0475 | CVE-2016-6953 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993. This vulnerability CVE-2016-1089 , CVE-2016-1091 , CVE-2016-6944 , CVE-2016-6945 , CVE-2016-6946 , CVE-2016-6949 , CVE-2016-6952 , CVE-2016-6961 , CVE-2016-6962 , CVE-2016-6963 , CVE-2016-6964 , CVE-2016-6965 , CVE-2016-6967 , CVE-2016-6968 , CVE-2016-6969 , CVE-2016-6971 , CVE-2016-6979 , CVE-2016-6988 ,and CVE-2016-6993 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of FormSubform objects. The process does not properly validate the existence of an object prior to performing operations on it. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0474 | CVE-2016-6952 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993. This vulnerability CVE-2016-1089 , CVE-2016-1091 , CVE-2016-6944 , CVE-2016-6945 , CVE-2016-6946 , CVE-2016-6949 , CVE-2016-6953 , CVE-2016-6961 , CVE-2016-6962 , CVE-2016-6963 , CVE-2016-6964 , CVE-2016-6965 , CVE-2016-6967 , CVE-2016-6968 , CVE-2016-6969 , CVE-2016-6971 , CVE-2016-6979 , CVE-2016-6988 ,and CVE-2016-6993 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of CPDField objects. The process does not properly validate the existence of an object prior to performing operations on it. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0473 | CVE-2016-6951 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019. This vulnerability CVE-2016-6940 , CVE-2016-6941 , CVE-2016-6942 , CVE-2016-6943 , CVE-2016-6947 , CVE-2016-6948 , CVE-2016-6950 , CVE-2016-6954 , CVE-2016-6955 , CVE-2016-6956 , CVE-2016-6959 , CVE-2016-6960 , CVE-2016-6966 , CVE-2016-6970 , CVE-2016-6972 , CVE-2016-6973 , CVE-2016-6974 , CVE-2016-6975 , CVE-2016-6976 , CVE-2016-6977 , CVE-2016-6978 , CVE-2016-6995 , CVE-2016-6996 , CVE-2016-6997 , CVE-2016-6998 , CVE-2016-7000 , CVE-2016-7001 , CVE-2016-7002 , CVE-2016-7003 , CVE-2016-7004 , CVE-2016-7005 , CVE-2016-7006 , CVE-2016-7007 , CVE-2016-7008 , CVE-2016-7009 , CVE-2016-7010 , CVE-2016-7011 , CVE-2016-7012 , CVE-2016-7013 , CVE-2016-7014 , CVE-2016-7015 , CVE-2016-7016 , CVE-2016-7017 , CVE-2016-7018 ,and CVE-2016-7019 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of template objects. The process does not properly validate user-supplied data which can result in a read past the end of an allocated object. Failed attacks may cause a denial-of-service condition. The title has been changed to better reflect the vulnerability information. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0471 | CVE-2016-6949 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993. This vulnerability CVE-2016-1089 , CVE-2016-1091 , CVE-2016-6944 , CVE-2016-6945 , CVE-2016-6946 , CVE-2016-6952 , CVE-2016-6953 , CVE-2016-6961 , CVE-2016-6962 , CVE-2016-6963 , CVE-2016-6964 , CVE-2016-6965 , CVE-2016-6967 , CVE-2016-6968 , CVE-2016-6969 , CVE-2016-6971 , CVE-2016-6979 , CVE-2016-6988 ,and CVE-2016-6993 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0472 | CVE-2016-6950 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019. This vulnerability CVE-2016-6940 , CVE-2016-6941 , CVE-2016-6942 , CVE-2016-6943 , CVE-2016-6947 , CVE-2016-6948 , CVE-2016-6951 , CVE-2016-6954 , CVE-2016-6955 , CVE-2016-6956 , CVE-2016-6959 , CVE-2016-6960 , CVE-2016-6966 , CVE-2016-6970 , CVE-2016-6972 , CVE-2016-6973 , CVE-2016-6974 , CVE-2016-6975 , CVE-2016-6976 , CVE-2016-6977 , CVE-2016-6978 , CVE-2016-6995 , CVE-2016-6996 , CVE-2016-6997 , CVE-2016-6998 , CVE-2016-7000 , CVE-2016-7001 , CVE-2016-7002 , CVE-2016-7003 , CVE-2016-7004 , CVE-2016-7005 , CVE-2016-7006 , CVE-2016-7007 , CVE-2016-7008 , CVE-2016-7009 , CVE-2016-7010 , CVE-2016-7011 , CVE-2016-7012 , CVE-2016-7013 , CVE-2016-7014 , CVE-2016-7015 , CVE-2016-7016 , CVE-2016-7017 , CVE-2016-7018 ,and CVE-2016-7019 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of exclGroup objects. The process does not properly validate user-supplied data which can result in a read past the end of an allocated object. Failed attacks may cause a denial-of-service condition. The title has been changed to better reflect the vulnerability information. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0470 | CVE-2016-6948 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerabilities in arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019. This vulnerability is CVE-2016-6940 , CVE-2016-6941 , CVE-2016-6942 , CVE-2016-6943 , CVE-2016-6947 , CVE-2016-6950 , CVE-2016-6951 , CVE-2016-6954 , CVE-2016-6955 , CVE-2016-6956 , CVE-2016-6959 , CVE-2016-6960 , CVE-2016-6966 , CVE-2016-6970 , CVE-2016-6972 , CVE-2016-6973 , CVE-2016-6974 , CVE-2016-6975 , CVE-2016-6976 , CVE-2016-6977 , CVE-2016-6978 , CVE-2016-6995 , CVE-2016-6996 , CVE-2016-6997 , CVE-2016-6998 , CVE-2016-7000 , CVE-2016-7001 , CVE-2016-7002 , CVE-2016-7003 , CVE-2016-7004 , CVE-2016-7005 , CVE-2016-7006 , CVE-2016-7007 , CVE-2016-7008 , CVE-2016-7009 , CVE-2016-7010 , CVE-2016-7011 , CVE-2016-7012 , CVE-2016-7013 , CVE-2016-7014 , CVE-2016-7015 , CVE-2016-7016 , CVE-2016-7017 , CVE-2016-7018 ,and CVE-2016-7019 This is a different vulnerability.Arbitrary code execution or denial of service by an attacker ( Memory corruption ) May be in a state.
Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
Note: This issue was previously titled 'Adobe Acrobat and Reader APSB16-33 Multiple Unspecified Memory Corruption Vulnerabilities'. The title has been changed to better reflect the vulnerability information. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0469 | CVE-2016-6947 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019. This vulnerability CVE-2016-6940 , CVE-2016-6941 , CVE-2016-6942 , CVE-2016-6943 , CVE-2016-6948 , CVE-2016-6950 , CVE-2016-6951 , CVE-2016-6954 , CVE-2016-6955 , CVE-2016-6956 , CVE-2016-6959 , CVE-2016-6960 , CVE-2016-6966 , CVE-2016-6970 , CVE-2016-6972 , CVE-2016-6973 , CVE-2016-6974 , CVE-2016-6975 , CVE-2016-6976 , CVE-2016-6977 , CVE-2016-6978 , CVE-2016-6995 , CVE-2016-6996 , CVE-2016-6997 , CVE-2016-6998 , CVE-2016-7000 , CVE-2016-7001 , CVE-2016-7002 , CVE-2016-7003 , CVE-2016-7004 , CVE-2016-7005 , CVE-2016-7006 , CVE-2016-7007 , CVE-2016-7008 , CVE-2016-7009 , CVE-2016-7010 , CVE-2016-7011 , CVE-2016-7012 , CVE-2016-7013 , CVE-2016-7014 , CVE-2016-7015 , CVE-2016-7016 , CVE-2016-7017 , CVE-2016-7018 ,and CVE-2016-7019 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of XFA forms. The issue lies in the failure to properly validate user-supplied data which can result in a memory access past the end of an allocated object. Failed attacks may cause a denial-of-service condition. The title has been changed to better reflect the vulnerability information. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0468 | CVE-2016-6946 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993. This vulnerability CVE-2016-1089 , CVE-2016-1091 , CVE-2016-6944 , CVE-2016-6945 , CVE-2016-6949 , CVE-2016-6952 , CVE-2016-6953 , CVE-2016-6961 , CVE-2016-6962 , CVE-2016-6963 , CVE-2016-6964 , CVE-2016-6965 , CVE-2016-6967 , CVE-2016-6968 , CVE-2016-6969 , CVE-2016-6971 , CVE-2016-6979 , CVE-2016-6988 ,and CVE-2016-6993 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of XFA maxChars. The issue lies in the failure to properly validate the existence of an object prior to performing operations on it. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0467 | CVE-2016-6945 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993. This vulnerability CVE-2016-1089 , CVE-2016-1091 , CVE-2016-6944 , CVE-2016-6946 , CVE-2016-6949 , CVE-2016-6952 , CVE-2016-6953 , CVE-2016-6961 , CVE-2016-6962 , CVE-2016-6963 , CVE-2016-6964 , CVE-2016-6965 , CVE-2016-6967 , CVE-2016-6968 , CVE-2016-6969 , CVE-2016-6971 , CVE-2016-6979 , CVE-2016-6988 ,and CVE-2016-6993 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the SaveAs menu item. The issue lies in the failure to properly validate the existence of an object prior to performing operations on it. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0464 | CVE-2016-6985 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. The following versions are affected: versions prior to 18.0.0.382 on Windows and OS X-based platforms, versions prior to 23.x from 19.x to 23.0.0.185, and versions prior to 11.2.202.637 on Linux-based platforms.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:2057-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2057.html
Issue date: 2016-10-12
CVE Names: CVE-2016-4273 CVE-2016-4286 CVE-2016-6981
CVE-2016-6982 CVE-2016-6983 CVE-2016-6984
CVE-2016-6985 CVE-2016-6986 CVE-2016-6987
CVE-2016-6989 CVE-2016-6990 CVE-2016-6992
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.637. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-4273, CVE-2016-4286, CVE-2016-6981,
CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986,
CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1383931 - CVE-2016-4273 CVE-2016-4286 CVE-2016-6981 CVE-2016-6982 CVE-2016-6983 CVE-2016-6984 CVE-2016-6985 CVE-2016-6986 CVE-2016-6987 CVE-2016-6989 CVE-2016-6990 CVE-2016-6992 flash-plugin: multiple code execution issues fixed in APSB16-32
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4273
https://access.redhat.com/security/cve/CVE-2016-4286
https://access.redhat.com/security/cve/CVE-2016-6981
https://access.redhat.com/security/cve/CVE-2016-6982
https://access.redhat.com/security/cve/CVE-2016-6983
https://access.redhat.com/security/cve/CVE-2016-6984
https://access.redhat.com/security/cve/CVE-2016-6985
https://access.redhat.com/security/cve/CVE-2016-6986
https://access.redhat.com/security/cve/CVE-2016-6987
https://access.redhat.com/security/cve/CVE-2016-6989
https://access.redhat.com/security/cve/CVE-2016-6990
https://access.redhat.com/security/cve/CVE-2016-6992
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-32.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFX/n7xXlSAg2UNWIIRAsVXAJwL/4ZCoClD7cAvqvPN13L7ccpYNQCgogk5
6UAFhMbkHmPLVjTeEA1eCe8=
=qe9H
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player 23.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-23.0.0.205"
All Adobe Flash Player 11.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.635"
References
==========
[ 1 ] CVE-2016-4182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4182
[ 2 ] CVE-2016-4271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4271
[ 3 ] CVE-2016-4272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4272
[ 4 ] CVE-2016-4273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4273
[ 5 ] CVE-2016-4274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4274
[ 6 ] CVE-2016-4275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4275
[ 7 ] CVE-2016-4276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4276
[ 8 ] CVE-2016-4277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4277
[ 9 ] CVE-2016-4278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4278
[ 10 ] CVE-2016-4279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4279
[ 11 ] CVE-2016-4280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4280
[ 12 ] CVE-2016-4281
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4281
[ 13 ] CVE-2016-4282
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4282
[ 14 ] CVE-2016-4283
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4283
[ 15 ] CVE-2016-4284
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4284
[ 16 ] CVE-2016-4285
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4285
[ 17 ] CVE-2016-4286
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4286
[ 18 ] CVE-2016-4287
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4287
[ 19 ] CVE-2016-6921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6921
[ 20 ] CVE-2016-6922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6922
[ 21 ] CVE-2016-6923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6923
[ 22 ] CVE-2016-6924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6924
[ 23 ] CVE-2016-6925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6925
[ 24 ] CVE-2016-6926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6926
[ 25 ] CVE-2016-6927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6927
[ 26 ] CVE-2016-6929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6929
[ 27 ] CVE-2016-6930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6930
[ 28 ] CVE-2016-6931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6931
[ 29 ] CVE-2016-6932
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6932
[ 30 ] CVE-2016-6981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6981
[ 31 ] CVE-2016-6982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6982
[ 32 ] CVE-2016-6983
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6983
[ 33 ] CVE-2016-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6984
[ 34 ] CVE-2016-6985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6985
[ 35 ] CVE-2016-6986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6986
[ 36 ] CVE-2016-6987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6987
[ 37 ] CVE-2016-6989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6989
[ 38 ] CVE-2016-6990
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6990
[ 39 ] CVE-2016-6992
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6992
[ 40 ] CVE-2016-7855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7855
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201610-0463 | CVE-2016-6984 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. The following versions are affected: versions prior to 18.0.0.382 on Windows and OS X-based platforms, versions prior to 23.x from 19.x to 23.0.0.185, and versions prior to 11.2.202.637 on Linux-based platforms.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:2057-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2057.html
Issue date: 2016-10-12
CVE Names: CVE-2016-4273 CVE-2016-4286 CVE-2016-6981
CVE-2016-6982 CVE-2016-6983 CVE-2016-6984
CVE-2016-6985 CVE-2016-6986 CVE-2016-6987
CVE-2016-6989 CVE-2016-6990 CVE-2016-6992
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.637. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-4273, CVE-2016-4286, CVE-2016-6981,
CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986,
CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1383931 - CVE-2016-4273 CVE-2016-4286 CVE-2016-6981 CVE-2016-6982 CVE-2016-6983 CVE-2016-6984 CVE-2016-6985 CVE-2016-6986 CVE-2016-6987 CVE-2016-6989 CVE-2016-6990 CVE-2016-6992 flash-plugin: multiple code execution issues fixed in APSB16-32
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4273
https://access.redhat.com/security/cve/CVE-2016-4286
https://access.redhat.com/security/cve/CVE-2016-6981
https://access.redhat.com/security/cve/CVE-2016-6982
https://access.redhat.com/security/cve/CVE-2016-6983
https://access.redhat.com/security/cve/CVE-2016-6984
https://access.redhat.com/security/cve/CVE-2016-6985
https://access.redhat.com/security/cve/CVE-2016-6986
https://access.redhat.com/security/cve/CVE-2016-6987
https://access.redhat.com/security/cve/CVE-2016-6989
https://access.redhat.com/security/cve/CVE-2016-6990
https://access.redhat.com/security/cve/CVE-2016-6992
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-32.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFX/n7xXlSAg2UNWIIRAsVXAJwL/4ZCoClD7cAvqvPN13L7ccpYNQCgogk5
6UAFhMbkHmPLVjTeEA1eCe8=
=qe9H
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player 23.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-23.0.0.205"
All Adobe Flash Player 11.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.635"
References
==========
[ 1 ] CVE-2016-4182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4182
[ 2 ] CVE-2016-4271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4271
[ 3 ] CVE-2016-4272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4272
[ 4 ] CVE-2016-4273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4273
[ 5 ] CVE-2016-4274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4274
[ 6 ] CVE-2016-4275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4275
[ 7 ] CVE-2016-4276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4276
[ 8 ] CVE-2016-4277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4277
[ 9 ] CVE-2016-4278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4278
[ 10 ] CVE-2016-4279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4279
[ 11 ] CVE-2016-4280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4280
[ 12 ] CVE-2016-4281
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4281
[ 13 ] CVE-2016-4282
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4282
[ 14 ] CVE-2016-4283
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4283
[ 15 ] CVE-2016-4284
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4284
[ 16 ] CVE-2016-4285
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4285
[ 17 ] CVE-2016-4286
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4286
[ 18 ] CVE-2016-4287
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4287
[ 19 ] CVE-2016-6921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6921
[ 20 ] CVE-2016-6922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6922
[ 21 ] CVE-2016-6923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6923
[ 22 ] CVE-2016-6924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6924
[ 23 ] CVE-2016-6925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6925
[ 24 ] CVE-2016-6926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6926
[ 25 ] CVE-2016-6927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6927
[ 26 ] CVE-2016-6929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6929
[ 27 ] CVE-2016-6930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6930
[ 28 ] CVE-2016-6931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6931
[ 29 ] CVE-2016-6932
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6932
[ 30 ] CVE-2016-6981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6981
[ 31 ] CVE-2016-6982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6982
[ 32 ] CVE-2016-6983
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6983
[ 33 ] CVE-2016-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6984
[ 34 ] CVE-2016-6985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6985
[ 35 ] CVE-2016-6986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6986
[ 36 ] CVE-2016-6987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6987
[ 37 ] CVE-2016-6989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6989
[ 38 ] CVE-2016-6990
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6990
[ 39 ] CVE-2016-6992
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6992
[ 40 ] CVE-2016-7855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7855
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201610-0462 | CVE-2016-6983 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. The following versions are affected: versions prior to 18.0.0.382 on Windows and OS X-based platforms, versions prior to 23.x from 19.x to 23.0.0.185, and versions prior to 11.2.202.637 on Linux-based platforms.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:2057-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2057.html
Issue date: 2016-10-12
CVE Names: CVE-2016-4273 CVE-2016-4286 CVE-2016-6981
CVE-2016-6982 CVE-2016-6983 CVE-2016-6984
CVE-2016-6985 CVE-2016-6986 CVE-2016-6987
CVE-2016-6989 CVE-2016-6990 CVE-2016-6992
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.637. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-4273, CVE-2016-4286, CVE-2016-6981,
CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986,
CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1383931 - CVE-2016-4273 CVE-2016-4286 CVE-2016-6981 CVE-2016-6982 CVE-2016-6983 CVE-2016-6984 CVE-2016-6985 CVE-2016-6986 CVE-2016-6987 CVE-2016-6989 CVE-2016-6990 CVE-2016-6992 flash-plugin: multiple code execution issues fixed in APSB16-32
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4273
https://access.redhat.com/security/cve/CVE-2016-4286
https://access.redhat.com/security/cve/CVE-2016-6981
https://access.redhat.com/security/cve/CVE-2016-6982
https://access.redhat.com/security/cve/CVE-2016-6983
https://access.redhat.com/security/cve/CVE-2016-6984
https://access.redhat.com/security/cve/CVE-2016-6985
https://access.redhat.com/security/cve/CVE-2016-6986
https://access.redhat.com/security/cve/CVE-2016-6987
https://access.redhat.com/security/cve/CVE-2016-6989
https://access.redhat.com/security/cve/CVE-2016-6990
https://access.redhat.com/security/cve/CVE-2016-6992
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-32.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFX/n7xXlSAg2UNWIIRAsVXAJwL/4ZCoClD7cAvqvPN13L7ccpYNQCgogk5
6UAFhMbkHmPLVjTeEA1eCe8=
=qe9H
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player 23.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-23.0.0.205"
All Adobe Flash Player 11.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.635"
References
==========
[ 1 ] CVE-2016-4182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4182
[ 2 ] CVE-2016-4271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4271
[ 3 ] CVE-2016-4272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4272
[ 4 ] CVE-2016-4273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4273
[ 5 ] CVE-2016-4274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4274
[ 6 ] CVE-2016-4275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4275
[ 7 ] CVE-2016-4276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4276
[ 8 ] CVE-2016-4277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4277
[ 9 ] CVE-2016-4278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4278
[ 10 ] CVE-2016-4279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4279
[ 11 ] CVE-2016-4280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4280
[ 12 ] CVE-2016-4281
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4281
[ 13 ] CVE-2016-4282
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4282
[ 14 ] CVE-2016-4283
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4283
[ 15 ] CVE-2016-4284
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4284
[ 16 ] CVE-2016-4285
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4285
[ 17 ] CVE-2016-4286
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4286
[ 18 ] CVE-2016-4287
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4287
[ 19 ] CVE-2016-6921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6921
[ 20 ] CVE-2016-6922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6922
[ 21 ] CVE-2016-6923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6923
[ 22 ] CVE-2016-6924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6924
[ 23 ] CVE-2016-6925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6925
[ 24 ] CVE-2016-6926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6926
[ 25 ] CVE-2016-6927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6927
[ 26 ] CVE-2016-6929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6929
[ 27 ] CVE-2016-6930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6930
[ 28 ] CVE-2016-6931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6931
[ 29 ] CVE-2016-6932
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6932
[ 30 ] CVE-2016-6981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6981
[ 31 ] CVE-2016-6982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6982
[ 32 ] CVE-2016-6983
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6983
[ 33 ] CVE-2016-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6984
[ 34 ] CVE-2016-6985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6985
[ 35 ] CVE-2016-6986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6986
[ 36 ] CVE-2016-6987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6987
[ 37 ] CVE-2016-6989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6989
[ 38 ] CVE-2016-6990
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6990
[ 39 ] CVE-2016-6992
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6992
[ 40 ] CVE-2016-7855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7855
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201610-0465 | CVE-2016-6986 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6989, and CVE-2016-6990. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of SWF data. A crafted SWF can trigger a read past the end of an allocated buffer. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. The following versions are affected: versions prior to 18.0.0.382 on Windows and OS X-based platforms, versions prior to 23.x from 19.x to 23.0.0.185, and versions prior to 11.2.202.637 on Linux-based platforms.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:2057-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2057.html
Issue date: 2016-10-12
CVE Names: CVE-2016-4273 CVE-2016-4286 CVE-2016-6981
CVE-2016-6982 CVE-2016-6983 CVE-2016-6984
CVE-2016-6985 CVE-2016-6986 CVE-2016-6987
CVE-2016-6989 CVE-2016-6990 CVE-2016-6992
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.637. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-4273, CVE-2016-4286, CVE-2016-6981,
CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986,
CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1383931 - CVE-2016-4273 CVE-2016-4286 CVE-2016-6981 CVE-2016-6982 CVE-2016-6983 CVE-2016-6984 CVE-2016-6985 CVE-2016-6986 CVE-2016-6987 CVE-2016-6989 CVE-2016-6990 CVE-2016-6992 flash-plugin: multiple code execution issues fixed in APSB16-32
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4273
https://access.redhat.com/security/cve/CVE-2016-4286
https://access.redhat.com/security/cve/CVE-2016-6981
https://access.redhat.com/security/cve/CVE-2016-6982
https://access.redhat.com/security/cve/CVE-2016-6983
https://access.redhat.com/security/cve/CVE-2016-6984
https://access.redhat.com/security/cve/CVE-2016-6985
https://access.redhat.com/security/cve/CVE-2016-6986
https://access.redhat.com/security/cve/CVE-2016-6987
https://access.redhat.com/security/cve/CVE-2016-6989
https://access.redhat.com/security/cve/CVE-2016-6990
https://access.redhat.com/security/cve/CVE-2016-6992
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-32.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFX/n7xXlSAg2UNWIIRAsVXAJwL/4ZCoClD7cAvqvPN13L7ccpYNQCgogk5
6UAFhMbkHmPLVjTeEA1eCe8=
=qe9H
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player 23.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-23.0.0.205"
All Adobe Flash Player 11.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.635"
References
==========
[ 1 ] CVE-2016-4182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4182
[ 2 ] CVE-2016-4271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4271
[ 3 ] CVE-2016-4272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4272
[ 4 ] CVE-2016-4273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4273
[ 5 ] CVE-2016-4274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4274
[ 6 ] CVE-2016-4275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4275
[ 7 ] CVE-2016-4276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4276
[ 8 ] CVE-2016-4277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4277
[ 9 ] CVE-2016-4278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4278
[ 10 ] CVE-2016-4279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4279
[ 11 ] CVE-2016-4280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4280
[ 12 ] CVE-2016-4281
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4281
[ 13 ] CVE-2016-4282
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4282
[ 14 ] CVE-2016-4283
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4283
[ 15 ] CVE-2016-4284
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4284
[ 16 ] CVE-2016-4285
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4285
[ 17 ] CVE-2016-4286
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4286
[ 18 ] CVE-2016-4287
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4287
[ 19 ] CVE-2016-6921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6921
[ 20 ] CVE-2016-6922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6922
[ 21 ] CVE-2016-6923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6923
[ 22 ] CVE-2016-6924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6924
[ 23 ] CVE-2016-6925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6925
[ 24 ] CVE-2016-6926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6926
[ 25 ] CVE-2016-6927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6927
[ 26 ] CVE-2016-6929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6929
[ 27 ] CVE-2016-6930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6930
[ 28 ] CVE-2016-6931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6931
[ 29 ] CVE-2016-6932
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6932
[ 30 ] CVE-2016-6981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6981
[ 31 ] CVE-2016-6982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6982
[ 32 ] CVE-2016-6983
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6983
[ 33 ] CVE-2016-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6984
[ 34 ] CVE-2016-6985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6985
[ 35 ] CVE-2016-6986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6986
[ 36 ] CVE-2016-6987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6987
[ 37 ] CVE-2016-6989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6989
[ 38 ] CVE-2016-6990
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6990
[ 39 ] CVE-2016-6992
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6992
[ 40 ] CVE-2016-7855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7855
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201610-0459 | CVE-2016-6979 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6988, and CVE-2016-6993. This vulnerability CVE-2016-1089 , CVE-2016-1091 , CVE-2016-6944 , CVE-2016-6945 , CVE-2016-6946 , CVE-2016-6949 , CVE-2016-6952 , CVE-2016-6953 , CVE-2016-6961 , CVE-2016-6962 , CVE-2016-6963 , CVE-2016-6964 , CVE-2016-6965 , CVE-2016-6967 , CVE-2016-6968 , CVE-2016-6969 , CVE-2016-6971 , CVE-2016-6988 ,and CVE-2016-6993 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the AXSLE library. The process does not properly validate the existence of an object prior to performing operations on the object. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201610-0466 | CVE-2016-6987 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6981. This vulnerability CVE-2016-6981 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within Accessibility's sendEvent method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. The following versions are affected: versions prior to 18.0.0.382 on Windows and OS X-based platforms, versions prior to 23.x from 19.x to 23.0.0.185, and versions prior to 11.2.202.637 on Linux-based platforms.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:2057-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2057.html
Issue date: 2016-10-12
CVE Names: CVE-2016-4273 CVE-2016-4286 CVE-2016-6981
CVE-2016-6982 CVE-2016-6983 CVE-2016-6984
CVE-2016-6985 CVE-2016-6986 CVE-2016-6987
CVE-2016-6989 CVE-2016-6990 CVE-2016-6992
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.637. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-4273, CVE-2016-4286, CVE-2016-6981,
CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986,
CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1383931 - CVE-2016-4273 CVE-2016-4286 CVE-2016-6981 CVE-2016-6982 CVE-2016-6983 CVE-2016-6984 CVE-2016-6985 CVE-2016-6986 CVE-2016-6987 CVE-2016-6989 CVE-2016-6990 CVE-2016-6992 flash-plugin: multiple code execution issues fixed in APSB16-32
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.637-1.el5_11.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.637-1.el6_8.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4273
https://access.redhat.com/security/cve/CVE-2016-4286
https://access.redhat.com/security/cve/CVE-2016-6981
https://access.redhat.com/security/cve/CVE-2016-6982
https://access.redhat.com/security/cve/CVE-2016-6983
https://access.redhat.com/security/cve/CVE-2016-6984
https://access.redhat.com/security/cve/CVE-2016-6985
https://access.redhat.com/security/cve/CVE-2016-6986
https://access.redhat.com/security/cve/CVE-2016-6987
https://access.redhat.com/security/cve/CVE-2016-6989
https://access.redhat.com/security/cve/CVE-2016-6990
https://access.redhat.com/security/cve/CVE-2016-6992
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-32.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFX/n7xXlSAg2UNWIIRAsVXAJwL/4ZCoClD7cAvqvPN13L7ccpYNQCgogk5
6UAFhMbkHmPLVjTeEA1eCe8=
=qe9H
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player 23.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-23.0.0.205"
All Adobe Flash Player 11.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.635"
References
==========
[ 1 ] CVE-2016-4182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4182
[ 2 ] CVE-2016-4271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4271
[ 3 ] CVE-2016-4272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4272
[ 4 ] CVE-2016-4273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4273
[ 5 ] CVE-2016-4274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4274
[ 6 ] CVE-2016-4275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4275
[ 7 ] CVE-2016-4276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4276
[ 8 ] CVE-2016-4277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4277
[ 9 ] CVE-2016-4278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4278
[ 10 ] CVE-2016-4279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4279
[ 11 ] CVE-2016-4280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4280
[ 12 ] CVE-2016-4281
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4281
[ 13 ] CVE-2016-4282
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4282
[ 14 ] CVE-2016-4283
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4283
[ 15 ] CVE-2016-4284
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4284
[ 16 ] CVE-2016-4285
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4285
[ 17 ] CVE-2016-4286
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4286
[ 18 ] CVE-2016-4287
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4287
[ 19 ] CVE-2016-6921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6921
[ 20 ] CVE-2016-6922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6922
[ 21 ] CVE-2016-6923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6923
[ 22 ] CVE-2016-6924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6924
[ 23 ] CVE-2016-6925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6925
[ 24 ] CVE-2016-6926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6926
[ 25 ] CVE-2016-6927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6927
[ 26 ] CVE-2016-6929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6929
[ 27 ] CVE-2016-6930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6930
[ 28 ] CVE-2016-6931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6931
[ 29 ] CVE-2016-6932
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6932
[ 30 ] CVE-2016-6981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6981
[ 31 ] CVE-2016-6982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6982
[ 32 ] CVE-2016-6983
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6983
[ 33 ] CVE-2016-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6984
[ 34 ] CVE-2016-6985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6985
[ 35 ] CVE-2016-6986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6986
[ 36 ] CVE-2016-6987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6987
[ 37 ] CVE-2016-6989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6989
[ 38 ] CVE-2016-6990
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6990
[ 39 ] CVE-2016-6992
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6992
[ 40 ] CVE-2016-7855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7855
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201610-0457 | CVE-2016-6977 | Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019. This vulnerability CVE-2016-6940 , CVE-2016-6941 , CVE-2016-6942 , CVE-2016-6943 , CVE-2016-6947 , CVE-2016-6948 , CVE-2016-6950 , CVE-2016-6951 , CVE-2016-6954 , CVE-2016-6955 , CVE-2016-6956 , CVE-2016-6959 , CVE-2016-6960 , CVE-2016-6966 , CVE-2016-6970 , CVE-2016-6972 , CVE-2016-6973 , CVE-2016-6974 , CVE-2016-6975 , CVE-2016-6976 , CVE-2016-6978 , CVE-2016-6995 , CVE-2016-6996 , CVE-2016-6997 , CVE-2016-6998 , CVE-2016-7000 , CVE-2016-7001 , CVE-2016-7002 , CVE-2016-7003 , CVE-2016-7004 , CVE-2016-7005 , CVE-2016-7006 , CVE-2016-7007 , CVE-2016-7008 , CVE-2016-7009 , CVE-2016-7010 , CVE-2016-7011 , CVE-2016-7012 , CVE-2016-7013 , CVE-2016-7014 , CVE-2016-7015 , CVE-2016-7016 , CVE-2016-7017 , CVE-2016-7018 ,and CVE-2016-7019 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the AXSLE library. The process does not properly validate user-supplied data which can result in a read past the end of an allocated object. Failed attacks may cause a denial-of-service condition. The title has been changed to better reflect the vulnerability information. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF