| Summary: | <www-plugins/adobe-flash-25.0.0.148: Multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | CC: | desktop-misc, jer, whissi |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://helpx.adobe.com/security/products/flash-player/apsb17-10.html | ||
| Whiteboard: | A1 [glsa?] | ||
| Package list: | Runtime testing required: | --- | |
*** Bug 615244 has been marked as a duplicate of this bug. *** *** This bug has been marked as a duplicate of bug 615244 *** |
From ${URL}: Vulnerability Details These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3058, CVE-2017-3059, CVE-2017-3062, CVE-2017-3063). These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3060, CVE-2017-3061, CVE-2017-3064). Acknowledgments Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers: Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero (CVE-2017-3061, CVE-2017-3064) Anonymously reported via Trend Micro's Zero Day Initiative (CVE-2017-3059) Keen Team working with Trend Micro's Zero Day Initiative (CVE-2017-3063) b5e4b07ed250ac8014390628445b0d26 working with Trend Micro's Zero Day Initiative (CVE-2017-3060) bee13oy of CloverSec Labs working with Trend Micro's Zero Day Initiative (CVE-2017-3058) Yuki Chen of 360 Vulcan Team working with Trend Micro's Zero Day Initiative (CVE-2017-3062) ## Updated version already in tree and stable with cleanup done