Multiple vulnerabilities have been identified, the worst of which allow arbitrary code execution on a user's system via a malicious Flash file.
Package | www-plugins/adobe-flash on all architectures |
---|---|
Affected versions | < 10.0.22.87 |
Unaffected versions | >= 10.0.22.87 |
The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content.
Multiple vulnerabilities have been discovered in Adobe Flash Player:
A remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user or a Denial of Service (crash). Furthermore, a remote attacker could gain access to sensitive information, disclose memory contents by enticing a user to open a specially crafted PDF file inside a Flash application, modify the victim's clipboard or render it temporarily unusable, persuade a user into uploading or downloading files, bypass security restrictions with the assistance of the user to gain access to camera and microphone, conduct Cross-Site Scripting and HTTP Header Splitting attacks, bypass the "non-root domain policy" of Flash, and gain escalated privileges.
There is no known workaround at this time.
All Adobe Flash Player users should upgrade to the latest version:
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.0.22.87"
```
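To check a system against the affected range in the table above, this added example (not part of the advisory or of Gentoo's tooling) compares installed `www-plugins/adobe-flash` versions with 10.0.22.87. It assumes the Portage installed-package database lives at `/var/db/pkg`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): flag installed www-plugins/adobe-flash
# versions that fall in the affected range (< 10.0.22.87).
FIXED=10.0.22.87

# ver_lt A B: return 0 if A < B, 1 if A >= B, 2 if either is not dotted-numeric.
# A Gentoo revision suffix (-rN) is dropped; it does not change the upstream version.
ver_lt() {
    a=${1%-r[0-9]*}; b=${2%-r[0-9]*}
    case "$a.$b" in *[!0-9.]*|*..*|.*|*.) return 2 ;; esac
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$x" = "$a" ]; then a=; else a=${a#*.}; fi
        if [ "$y" = "$b" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}          # missing components compare as 0
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1                          # equal to the fixed version: not affected
}

# flash_status VERSION: print affected / unaffected / unknown for one version string.
flash_status() {
    rc=0; ver_lt "$1" "$FIXED" || rc=$?
    case $rc in 0) echo affected ;; 1) echo unaffected ;; *) echo unknown ;; esac
}

# audit_vdb [DIR]: report every adobe-flash entry in the installed-package database.
# DIR defaults to /var/db/pkg (assumed location). Returns 1 if any entry is affected.
audit_vdb() {
    found=0
    for d in "${1:-/var/db/pkg}"/www-plugins/adobe-flash-[0-9]*; do
        [ -d "$d" ] || continue       # glob did not match: nothing installed
        v=${d##*/adobe-flash-}
        s=$(flash_status "$v")
        echo "$v $s"
        if [ "$s" = affected ]; then found=1; fi
    done
    return $found
}

audit_vdb "$@" || echo "affected adobe-flash installed: upgrade to >=$FIXED"
```

An unparseable version string is reported as `unknown` rather than silently treated as safe.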