Multiple vulnerabilities have been found in Gnash which could result in execution of arbitrary code, Denial of Service, or information disclosure.
|Package||www-plugins/gnash on all architectures|
|Affected versions||< 0.8.10-r2|
|Unaffected versions||>= 0.8.10-r2|
Gnash is a GNU flash movie player that supports many SWF features.
Multiple vulnerabilities have been found in Gnash:
A remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a local attacker may be able to obtain sensitive information.
There is no known workaround at this time.
All Gnash users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-plugins/gnash-0.8.10-r2"