
Bug 621680 (APSB17-17, CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3081, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084)

Summary: <www-plugins/adobe-flash-26.0.0.131: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Kristian Fiskerstrand (RETIRED) <k_f>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: desktop-misc, jdavid.ibp, jer, pacho
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
Whiteboard: A2 [glsa cve]
Package list:
www-plugins/adobe-flash-26.0.0.131
Runtime testing required: ---

Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-06-13 16:55:04 UTC
Fixed in
Product 	Version 	Platform
Adobe Flash Player Desktop Runtime 	26.0.0.126 	Linux 	3



Vulnerability details
Vulnerability Category 	Vulnerability Impact 	Severity 	CVE Numbers
Use After Free 	Remote Code Execution 	Critical 	CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084
Memory Corruption 	Remote Code Execution 	Critical 	CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082


Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

    bee13oy of CloverSec Labs working with Trend Micro's Zero Day Initiative (CVE-2017-3075, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084)
    Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078)
    Jihui Lu of Tencent KeenLab (CVE-2017-3079, CVE-2017-3081)
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-16 14:28:02 UTC
@ Maintainer(s): While the reported issues were officially addressed in =www-plugins/adobe-flash-26.0.0.126, upstream has now published =www-plugins/adobe-flash-26.0.0.131.
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-06-20 18:58:35 UTC
@Maintainer, thank you for the bump

Arches, please stabilize 26.0.0.131
Comment 3 Agostino Sarubbo gentoo-dev 2017-06-21 08:21:44 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-06-21 12:12:16 UTC
x86 stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2017-07-16 01:47:39 UTC
tree is clean.

GLSA request filed.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2017-07-21 23:19:24 UTC
This issue was resolved and addressed in
 GLSA 201707-15 at https://security.gentoo.org/glsa/201707-15
by GLSA coordinator Thomas Deutschmann (whissi).