Bug 621680 (APSB17-17, CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3081, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084) - <www-plugins/adobe-flash-26.0.0.131: Multiple vulnerabilities
Summary: <www-plugins/adobe-flash-26.0.0.131: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: APSB17-17, CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3081, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-13 16:55 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2017-07-21 23:19 UTC

See Also:
Package list:
www-plugins/adobe-flash-26.0.0.131
Runtime testing required: ---
stable-bot: sanity-check+


Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-06-13 16:55:04 UTC
Fixed in
Product 	Version 	Platform
Adobe Flash Player Desktop Runtime 	26.0.0.126 	Linux 	3



Vulnerability details
Vulnerability Category 	Vulnerability Impact 	Severity 	CVE Numbers
Use After Free 	Remote Code Execution 	Critical 	CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084
Memory Corruption 	Remote Code Execution 	Critical 	CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082


Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

    bee13oy of CloverSec Labs working with Trend Micro's Zero Day Initiative (CVE-2017-3075, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084)
    Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078)
    Jihui Lu of Tencent KeenLab (CVE-2017-3079, CVE-2017-3081)
Comment 1 Thomas Deutschmann gentoo-dev 2017-06-16 14:28:02 UTC
@ Maintainer(s): While the reported issues were officially addressed in =www-plugins/adobe-flash-26.0.0.126, upstream has now published =www-plugins/adobe-flash-26.0.0.131.
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-06-20 18:58:35 UTC
@Maintainer, thank you for the bump

Arches, please stabilize 26.0.0.131
Comment 3 Agostino Sarubbo gentoo-dev 2017-06-21 08:21:44 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-06-21 12:12:16 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 5 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-07-16 01:47:39 UTC
tree is clean.

GLSA request filed.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2017-07-21 23:19:24 UTC
This issue was resolved and addressed in
 GLSA 201707-15 at https://security.gentoo.org/glsa/201707-15
by GLSA coordinator Thomas Deutschmann (whissi).