
Bug 605314 (APSB17-02, CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938)

Summary: <www-plugins/adobe-flash-24.0.0.194: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Kristian Fiskerstrand (RETIRED) <k_f>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: desktop-misc, jer
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
Whiteboard: A2 [glsa cve]
Package list:
Runtime testing required: ---

Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-01-10 22:18:11 UTC
Product 	Updated Versions 	Platform 	Priority rating 	Availability
Adobe Flash Player for Linux 	24.0.0.194 	Linux 	3 	Flash Player Download Center

Vulnerability Details

    These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2017-2938).
    These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937).
    These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935).
    These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931).

Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

    Nicolas Joly of Microsoft Vulnerability Research (CVE-2017-2936, CVE-2017-2937)
    Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero (CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935)
    Khalil Zhani working with Chromium Vulnerability Rewards Program (CVE-2017-2928)
    willJ of Tencent PC Manager (CVE-2017-2925)
    Francis Provencher of COSIG (CVE-2017-2930)
    Jann Horn of Google Project Zero (CVE-2017-2938)
    Kai Lu of Fortinet's FortiGuard Labs working with the Chromium Vulnerability Rewards Program (CVE-2017-2926, CVE-2017-2927)
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-16 12:44:20 UTC
Added to existing GLSA request.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-02-20 23:57:54 UTC
This issue was resolved and addressed in
 GLSA 201702-20 at https://security.gentoo.org/glsa/201702-20
by GLSA coordinator Thomas Deutschmann (whissi).