Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 634456 (CVE-2017-11292)

Summary: <www-plugins/adobe-flash-27.0.0.170: Remote Code Execution (APSB17-32)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: desktop-misc, jer
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
Whiteboard: A2 [glsa cve]
Package list:
=www-plugins/adobe-flash-27.0.0.170
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-16 15:56:55 UTC
Incoming details
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-10-16 16:02:21 UTC
From $URL:

Adobe has released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a critical type confusion vulnerability that could lead to code execution.

Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-10-22 00:28:41 UTC
This issue was resolved and addressed in
 GLSA 201710-22 at https://security.gentoo.org/glsa/201710-22
by GLSA coordinator Aaron Bauman (b-man).