Adobe Flash Player -- critical vulnerabilities

2015-04-14T00:00:00
ID 3364D497-E4E6-11E4-A265-C485083CA99C
Type freebsd
Reporter FreeBSD
Modified 2015-04-14T00:00:00

Description

Adobe reports:

    Adobe has released security updates for Adobe Flash Player for
    Windows, Macintosh and Linux.  These updates address vulnerabilities
    that could potentially allow an attacker to take control of the
    affected system. Adobe is aware of a report that an exploit for
    CVE-2015-3043 exists in the wild, and recommends users update their
    product installations to the latest versions.



    These updates resolve memory corruption vulnerabilities that could
    lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,
    CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,
    CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).


    These updates resolve a type confusion vulnerability that could lead
    to code execution (CVE-2015-0356).


    These updates resolve a buffer overflow vulnerability that could
    lead to code execution (CVE-2015-0348).


    These updates resolve use-after-free vulnerabilities that could lead
    to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,
    CVE-2015-3039).


    These updates resolve double-free vulnerabilities that could lead to
    code execution (CVE-2015-0346, CVE-2015-0359).


    These updates resolve memory leak vulnerabilities that could be used
    to bypass ASLR (CVE-2015-0357, CVE-2015-3040).


    These updates resolve a security bypass vulnerability that could
    lead to information disclosure (CVE-2015-3044).