Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 598152 (APSB16-36, CVE-2016-7855) - <www-plugins/adobe-flash-{,}: possible code execution due to use-after-free
Summary: <www-plugins/adobe-flash-{,}: possible code execution d...
Alias: APSB16-36, CVE-2016-7855
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa cve cleanup]
Depends on:
Reported: 2016-10-26 18:19 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2016-10-29 13:26 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-10-26 18:19:18 UTC
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.  These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.  

Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.

Affected Versions
Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player by visiting the Adobe Flash Player Download Center.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-10-26 18:22:19 UTC
These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2016-7855). 

Adobe would like to thank Neel Mehta and Billy Leonard from Google's Threat Analysis Group for reporting CVE-2016-7855 and for working with Adobe to help protect our customers.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2016-10-26 22:33:05 UTC
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : amd64 x86
Comment 3 Agostino Sarubbo gentoo-dev 2016-10-27 08:51:59 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-10-27 08:53:14 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-10-29 13:20:33 UTC
Added to existing GLSA request
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-10-29 13:26:10 UTC
This issue was resolved and addressed in
 GLSA 201610-10 at
by GLSA coordinator Kristian Fiskerstrand (K_F).