Date: Sun, 19 Jun 2016 02:57:04 +0000 (UTC) From: Jason Unovitch <junovitch@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r417097 - head/security/vuxml Message-ID: <201606190257.u5J2v4BG060110@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: junovitch Date: Sun Jun 19 02:57:04 2016 New Revision: 417097 URL: https://svnweb.freebsd.org/changeset/ports/417097 Log: Document Flash vulnerabilities in Adobe Security Bulletins APSB16-10, APSB16-15, APSB16-18 PR: 209592 Reported by: Sevan Janiyan <venture37@geeklan.co.uk> Security: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033, CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117, CVE-2016-4120, CVE-2016-4121, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163, CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171 Security: https://vuxml.FreeBSD.org/freebsd/0e3dfdde-35c4-11e6-8e82-002590263bf5.html Security: https://vuxml.FreeBSD.org/freebsd/07888b49-35c4-11e6-8e82-002590263bf5.html Security: https://vuxml.FreeBSD.org/freebsd/0c6b008d-35c4-11e6-8e82-002590263bf5.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Jun 18 23:41:41 2016 (r417096) +++ head/security/vuxml/vuln.xml Sun Jun 19 02:57:04 2016 (r417097) @@ -58,6 +58,235 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="0e3dfdde-35c4-11e6-8e82-002590263bf5"> + <topic>flash -- multiple vulnerabilities</topic> + <affects> + <package> + <name>linux-c6-flashplugin</name> + <name>linux-c6_64-flashplugin</name> + <name>linux-f10-flashplugin</name> + <range><lt>11.2r202.626</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Adobe reports:</p> + <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb16-18.html">; + <p>These updates resolve type confusion vulnerabilities that could + lead to code execution (CVE-2016-4144, CVE-2016-4149).</p> + <p>These updates resolve use-after-free vulnerabilities that could + lead to code execution (CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, + CVE-2016-4146, CVE-2016-4147, CVE-2016-4148).</p> + <p>These updates resolve heap buffer overflow vulnerabilities that + could lead to code execution (CVE-2016-4135, CVE-2016-4136, + CVE-2016-4138).</p> + <p>These updates resolve memory corruption vulnerabilities that could + lead to code execution (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, + CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, + CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, + CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, + CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, + CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171).</p> + <p>These updates resolve a vulnerability in the directory search path + used to find resources that could lead to code execution + (CVE-2016-4140).</p> + <p>These updates resolve a vulnerability that could be exploited to + bypass the same-origin-policy and lead to information disclosure + (CVE-2016-4139).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-4122</cvename> + <cvename>CVE-2016-4123</cvename> + <cvename>CVE-2016-4124</cvename> + <cvename>CVE-2016-4125</cvename> + <cvename>CVE-2016-4127</cvename> + <cvename>CVE-2016-4128</cvename> + <cvename>CVE-2016-4129</cvename> + <cvename>CVE-2016-4130</cvename> + <cvename>CVE-2016-4131</cvename> + <cvename>CVE-2016-4132</cvename> + <cvename>CVE-2016-4133</cvename> + <cvename>CVE-2016-4134</cvename> + <cvename>CVE-2016-4135</cvename> + <cvename>CVE-2016-4136</cvename> + <cvename>CVE-2016-4137</cvename> + <cvename>CVE-2016-4138</cvename> + <cvename>CVE-2016-4139</cvename> + <cvename>CVE-2016-4140</cvename> + <cvename>CVE-2016-4141</cvename> + <cvename>CVE-2016-4142</cvename> + <cvename>CVE-2016-4143</cvename> + <cvename>CVE-2016-4144</cvename> + <cvename>CVE-2016-4145</cvename> + <cvename>CVE-2016-4146</cvename> + <cvename>CVE-2016-4147</cvename> + <cvename>CVE-2016-4148</cvename> + <cvename>CVE-2016-4149</cvename> + <cvename>CVE-2016-4150</cvename> + <cvename>CVE-2016-4151</cvename> + <cvename>CVE-2016-4152</cvename> + <cvename>CVE-2016-4153</cvename> + <cvename>CVE-2016-4154</cvename> + <cvename>CVE-2016-4155</cvename> + <cvename>CVE-2016-4156</cvename> + <cvename>CVE-2016-4166</cvename> + <cvename>CVE-2016-4171</cvename> + <url>https://helpx.adobe.com/security/products/flash-player/apsb16-18.html</url>; + </references> + <dates> + <discovery>2016-06-16</discovery> + <entry>2016-06-19</entry> + </dates> + </vuln> + + <vuln vid="0c6b008d-35c4-11e6-8e82-002590263bf5"> + <topic>flash -- multiple vulnerabilities</topic> + <affects> + <package> + <name>linux-c6-flashplugin</name> + <name>linux-c6_64-flashplugin</name> + <name>linux-f10-flashplugin</name> + <range><lt>11.2r202.621</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Adobe reports:</p> + <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb16-15.html">; + <p>These updates resolve type confusion vulnerabilities that could + lead to code execution (CVE-2016-1105, CVE-2016-4117).</p> + <p>These updates resolve use-after-free vulnerabilities that could + lead to code execution (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, + CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, + CVE-2016-4110, CVE-2016-4121).</p> + <p>These updates resolve a heap buffer overflow vulnerability that + could lead to code execution (CVE-2016-1101).</p> + <p>These updates resolve a buffer overflow vulnerability that could + lead to code execution (CVE-2016-1103).</p> + <p>These updates resolve memory corruption vulnerabilities that could + lead to code execution (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, + CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, + CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, + CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, + CVE-2016-4162, CVE-2016-4163).</p> + <p>These updates resolve a vulnerability in the directory search path + used to find resources that could lead to code execution + (CVE-2016-4116).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-1096</cvename> + <cvename>CVE-2016-1097</cvename> + <cvename>CVE-2016-1098</cvename> + <cvename>CVE-2016-1099</cvename> + <cvename>CVE-2016-1100</cvename> + <cvename>CVE-2016-1101</cvename> + <cvename>CVE-2016-1102</cvename> + <cvename>CVE-2016-1103</cvename> + <cvename>CVE-2016-1104</cvename> + <cvename>CVE-2016-1105</cvename> + <cvename>CVE-2016-1106</cvename> + <cvename>CVE-2016-1107</cvename> + <cvename>CVE-2016-1108</cvename> + <cvename>CVE-2016-1109</cvename> + <cvename>CVE-2016-1110</cvename> + <cvename>CVE-2016-4108</cvename> + <cvename>CVE-2016-4109</cvename> + <cvename>CVE-2016-4110</cvename> + <cvename>CVE-2016-4111</cvename> + <cvename>CVE-2016-4112</cvename> + <cvename>CVE-2016-4113</cvename> + <cvename>CVE-2016-4114</cvename> + <cvename>CVE-2016-4115</cvename> + <cvename>CVE-2016-4116</cvename> + <cvename>CVE-2016-4117</cvename> + <cvename>CVE-2016-4120</cvename> + <cvename>CVE-2016-4121</cvename> + <cvename>CVE-2016-4160</cvename> + <cvename>CVE-2016-4161</cvename> + <cvename>CVE-2016-4162</cvename> + <cvename>CVE-2016-4163</cvename> + <url>https://helpx.adobe.com/security/products/flash-player/apsb16-15.html</url>; + </references> + <dates> + <discovery>2016-05-12</discovery> + <entry>2016-06-19</entry> + </dates> + </vuln> + + <vuln vid="07888b49-35c4-11e6-8e82-002590263bf5"> + <topic>flash -- multiple vulnerabilities</topic> + <affects> + <package> + <name>linux-c6-flashplugin</name> + <name>linux-c6_64-flashplugin</name> + <name>linux-f10-flashplugin</name> + <range><lt>11.2r202.616</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Adobe reports:</p> + <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb16-10.html">; + <p>These updates harden a mitigation against JIT spraying attacks that + could be used to bypass memory layout randomization mitigations + (CVE-2016-1006).</p> + <p>These updates resolve type confusion vulnerabilities that could + lead to code execution (CVE-2016-1015, CVE-2016-1019).</p> + <p>These updates resolve use-after-free vulnerabilities that could + lead to code execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, + CVE-2016-1017, CVE-2016-1031).</p> + <p>These updates resolve memory corruption vulnerabilities that could + lead to code execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, + CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, + CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, + CVE-2016-1032, CVE-2016-1033).</p> + <p>These updates resolve a stack overflow vulnerability that could + lead to code execution (CVE-2016-1018).</p> + <p>These updates resolve a security bypass vulnerability + (CVE-2016-1030).</p> + <p>These updates resolve a vulnerability in the directory search path + used to find resources that could lead to code execution + (CVE-2016-1014).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-1006</cvename> + <cvename>CVE-2016-1011</cvename> + <cvename>CVE-2016-1012</cvename> + <cvename>CVE-2016-1013</cvename> + <cvename>CVE-2016-1014</cvename> + <cvename>CVE-2016-1015</cvename> + <cvename>CVE-2016-1016</cvename> + <cvename>CVE-2016-1017</cvename> + <cvename>CVE-2016-1018</cvename> + <cvename>CVE-2016-1019</cvename> + <cvename>CVE-2016-1020</cvename> + <cvename>CVE-2016-1021</cvename> + <cvename>CVE-2016-1022</cvename> + <cvename>CVE-2016-1023</cvename> + <cvename>CVE-2016-1024</cvename> + <cvename>CVE-2016-1025</cvename> + <cvename>CVE-2016-1026</cvename> + <cvename>CVE-2016-1027</cvename> + <cvename>CVE-2016-1028</cvename> + <cvename>CVE-2016-1029</cvename> + <cvename>CVE-2016-1030</cvename> + <cvename>CVE-2016-1031</cvename> + <cvename>CVE-2016-1032</cvename> + <cvename>CVE-2016-1033</cvename> + <url>https://helpx.adobe.com/security/products/flash-player/apsb16-10.html</url>; + </references> + <dates> + <discovery>2016-04-07</discovery> + <entry>2016-06-19</entry> + </dates> + </vuln> + <vuln vid="d59ebed4-34be-11e6-be25-3065ec8fd3ec"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606190257.u5J2v4BG060110>