
Bug 598152 (APSB16-36, CVE-2016-7855)

Summary: <www-plugins/adobe-flash-{11.2.202.643,23.0.0.205}: possible code execution due to use-after-free
Product: Gentoo Security
Reporter: Kristian Fiskerstrand (RETIRED) <k_f>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: desktop-misc, jer
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
Whiteboard: A2 [glsa cve cleanup]
Package list:
Runtime testing required: ---

Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-10-26 18:19:18 UTC
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.

Affected Versions
Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.643 by visiting the Adobe Flash Player Download Center.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-10-26 18:22:19 UTC
These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2016-7855). 

Acknowledgments
Adobe would like to thank Neel Mehta and Billy Leonard from Google's Threat Analysis Group for reporting CVE-2016-7855 and for working with Adobe to help protect our customers.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2016-10-26 22:33:05 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.643
=www-plugins/adobe-flash-23.0.0.205
Targeted stable KEYWORDS : amd64 x86
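The stabilization request above names the two fixed versions, and the bug summary states the affected range as `<www-plugins/adobe-flash-{11.2.202.643,23.0.0.205}`. The following is an added example, not code from the Gentoo bug, the arch team or Adobe's advisory: it turns that range into a check a Gentoo administrator can run against an installed version. It assumes that an installed 11.x version belongs to the 11.2.202 line and is judged against 11.2.202.643, and that every other version is judged against 23.0.0.205; that branch rule is an interpretation of the summary, not something the bug states.

```python
# Added example (not part of the Gentoo bug or Adobe's advisory): decide whether
# an installed www-plugins/adobe-flash version falls inside the affected range
# "<www-plugins/adobe-flash-{11.2.202.643,23.0.0.205}" from the bug summary.

from typing import Tuple

# Fixed versions taken from the bug summary. Assumption (not stated in the bug):
# an 11.x version is compared against the 11.2.202 line, anything else against
# the 23.0.0 line.
FIXED_VERSIONS = {
    "11": "11.2.202.643",
    "default": "23.0.0.205",
}

PACKAGE_PREFIX = "www-plugins/adobe-flash-"


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a purely numeric dotted version (the form adobe-flash uses) into ints.

    Rejects anything that is not digits separated by dots, so a malformed or
    suffixed string can never be silently compared as if it were fixed.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {version!r}")
    return tuple(int(p) for p in parts)


def fixed_version_for(installed: str) -> str:
    """Return the fixed version of the branch the installed version belongs to."""
    major = str(parse_version(installed)[0])
    return FIXED_VERSIONS.get(major, FIXED_VERSIONS["default"])


def is_affected(installed: str) -> bool:
    """True when the installed version is strictly below its branch's fixed version."""
    return parse_version(installed) < parse_version(fixed_version_for(installed))


def check_atom(atom: str) -> Tuple[str, bool]:
    """Accept 'www-plugins/adobe-flash-<ver>' or a bare version; return (version, affected)."""
    version = atom[len(PACKAGE_PREFIX):] if atom.startswith(PACKAGE_PREFIX) else atom
    return version, is_affected(version)


if __name__ == "__main__":
    # Constructed sample inputs, not versions observed on any real system.
    samples = [
        "www-plugins/adobe-flash-11.2.202.637",
        "11.2.202.643",
        "23.0.0.185",
        "www-plugins/adobe-flash-23.0.0.205",
    ]
    for sample in samples:
        ver, affected = check_atom(sample)
        print(f"{ver}: {'AFFECTED, update required' if affected else 'fixed'}")
```

The installed version to feed into `check_atom` can be read with `qlist -Iv www-plugins/adobe-flash` (portage-utils) or `equery list adobe-flash` (gentoolkit). Because the check compares full integer tuples rather than string prefixes, 11.2.202.643 and 23.0.0.205 themselves report as fixed while every lower version in each line reports as affected.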
Comment 3 Agostino Sarubbo gentoo-dev 2016-10-27 08:51:59 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-10-27 08:53:14 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-10-29 13:20:33 UTC
Added to existing GLSA request
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-10-29 13:26:10 UTC
This issue was resolved and addressed in
 GLSA 201610-10 at https://security.gentoo.org/glsa/201610-10
by GLSA coordinator Kristian Fiskerstrand (K_F).