Bug 740388 (CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26
Summary: CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugi...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=critical,public=20110921,repor...
Depends On: 737587 737588 737589 740208 740210
Blocks: 740205 751852
TreeView+ depends on / blocked
 
Reported: 2011-09-21 20:45 UTC by Vincent Danen
Modified: 2019-06-08 18:55 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-14 14:25:34 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1333 normal SHIPPED_LIVE Critical: flash-plugin security update 2011-09-22 16:54:13 UTC
Red Hat Product Errata RHSA-2011:1434 normal SHIPPED_LIVE Critical: acroread security update 2011-11-08 16:13:47 UTC

Description Vincent Danen 2011-09-21 20:45:44 UTC
Adobe has released APSB11-26 [1] to address the following critical flaws:

This update resolves an AVM stack overflow issue that may allow for remote code execution. (CVE-2011-2426).

This update resolves an AVM stack overflow issue that may lead to denial of service and code execution.  (CVE-2011-2427).

This update resolves a logic error issue which causes a browser crash and may lead to code execution.  (CVE-2011- 2428).

This update resolves a streaming media logic error vulnerability which could lead to code execution. (CVE-2011-2430).

[1] http://www.adobe.com/support/security/bulletins/apsb11-26.html

Comment 2 errata-xmlrpc 2011-09-22 16:54:18 UTC
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:1333 https://rhn.redhat.com/errata/RHSA-2011-1333.html

Comment 3 errata-xmlrpc 2011-11-08 11:14:06 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:1434 https://rhn.redhat.com/errata/RHSA-2011-1434.html

Comment 4 Murray McAllister 2012-10-03 04:22:15 UTC
Acknowledgements CVE-2011-2428:

This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.


Note You need to log in before you can comment on or make changes to this bug.