Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 605314 (APSB17-02, CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938)

Summary: <www-plugins/adobe-flash-24.0.0.194: Multiple vulnerabilities
Product: Gentoo Security Reporter: Kristian Fiskerstrand (RETIRED) <k_f>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: desktop-misc, jer
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
Whiteboard: A2 [glsa cve]
Package list:
Runtime testing required: ---

Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-01-10 22:18:11 UTC
Product 	Updated Versions 	Platform 	Priority rating 	Availability
Adobe Flash Player for Linux 	24.0.0.194 	Linux 	3 	Flash Player Download Center

Vulnerability Details

    These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2017-2938).
    These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937).
    These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935).
    These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931).

Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

    Nicolas Joly of Microsoft Vulnerability Research (CVE-2017-2936, CVE-2017-2937)
    Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero (CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935)
    Khalil Zhani working with Chromium Vulnerability Rewards Program (CVE-2017-2928)
    willJ of Tencent PC Manager (CVE-2017-2925)
    Francis Provencher of COSIG (CVE-2017-2930)
    Jann Horn of Google Project Zero (CVE-2017-2938)
    Kai Lu of Fortinet's FortiGuard Labs working with the Chromium Vulnerability Rewards Program (CVE-2017-2926, CVE-2017-2927)
Comment 1 Thomas Deutschmann gentoo-dev 2017-02-16 12:44:20 UTC
Added to existing GLSA request.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-02-20 23:57:54 UTC
This issue was resolved and addressed in
 GLSA 201702-20 at https://security.gentoo.org/glsa/201702-20
by GLSA coordinator Thomas Deutschmann (whissi).