Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 598152 (APSB16-36, CVE-2016-7855) - <www-plugins/adobe-flash-{11.2.202.643,23.0.0.205}: possible code execution due to use-after-free
Summary: <www-plugins/adobe-flash-{11.2.202.643,23.0.0.205}: possible code execution d...
Status: RESOLVED FIXED
Alias: APSB16-36, CVE-2016-7855
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa cve cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-10-26 18:19 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2016-10-29 13:26 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-10-26 18:19:18 UTC 
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.  These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.  

Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.

Affected Versions
Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.643 by visiting the Adobe Flash Player Download Center.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-10-26 18:22:19 UTC 
These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2016-7855). 

Acknowledgments
Adobe would like to thank Neel Mehta and Billy Leonard from Google's Threat Analysis Group for reporting CVE-2016-7855 and for working with Adobe to help protect our customers.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2016-10-26 22:33:05 UTC 
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.643
=www-plugins/adobe-flash-23.0.0.205
Targeted stable KEYWORDS : amd64 x86
Comment 3 Agostino Sarubbo gentoo-dev 2016-10-27 08:51:59 UTC 
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-10-27 08:53:14 UTC 
x86 stable.

Maintainer(s), please cleanup.
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-10-29 13:20:33 UTC 
Added to existing GLSA request
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-10-29 13:26:10 UTC 
This issue was resolved and addressed in
 GLSA 201610-10 at https://security.gentoo.org/glsa/201610-10
by GLSA coordinator Kristian Fiskerstrand (K_F).