Summary: | <www-plugins/adobe-flash-25.0.0.127: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | desktop-misc, jer |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://helpx.adobe.com/security/products/flash-player/apsb17-07.html | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | www-plugins/adobe-flash-25.0.0.127 amd64 x86 | ||
Runtime testing required: | --- |
Description
Thomas Deutschmann (RETIRED)
2017-03-14 08:27:34 UTC
From ${URL}:

Vulnerability Details

- These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2017-2997).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2998, CVE-2017-2999).
- These updates resolve a random number generator vulnerability used for constant blinding that could lead to information disclosure (CVE-2017-3000).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3001, CVE-2017-3002, CVE-2017-3003).

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

- Tao Yan (@Ga1ois) of Palo Alto Networks (CVE-2017-2997, CVE-2017-2998, CVE-2017-2999)
- Wang Chenyu and Wu Hongjun of Nanyang Technological University (CVE-2017-3000)
- Yuki Chen of Qihoo 360 Vulcan Team working with Chromium Vulnerability Rewards Program and Anonymous working with Trend Micro's Zero Day Initiative (CVE-2017-3001)
- Yuki Chen of Qihoo 360 Vulcan Team working with Chromium Vulnerability Rewards Program (CVE-2017-3002, CVE-2017-3003)

Maintainer already stabilized the package. New GLSA request filed.

This issue was resolved and addressed in GLSA 201703-02 at https://security.gentoo.org/glsa/201703-02 by GLSA coordinator Thomas Deutschmann (whissi).