Bug 627336 (APSB17-23, CVE-2017-3085, CVE-2017-3106) - <www-plugins/adobe-flash-26.0.0.151: Multiple vulnerabilities
Summary: <www-plugins/adobe-flash-26.0.0.151: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: APSB17-23, CVE-2017-3085, CVE-2017-3106
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-08 16:17 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2017-09-24 15:38 UTC

See Also:
Package list:
Runtime testing required: ---


Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-08-08 16:17:13 UTC
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure.

Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.151 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
Comment 1 Wolfram Schlich (RETIRED) gentoo-dev 2017-09-12 13:44:24 UTC
The latest version on the Adobe website is 27.0.0.130:

https://fpdownload.adobe.com/pub/flashplayer/pdc/27.0.0.130/flash-player-ppapi-27.0.0.130-release.x86_64.rpm

https://fpdownload.adobe.com/pub/flashplayer/pdc/27.0.0.130/flash-player-npapi-27.0.0.130-release.x86_64.rpm

It might make sense to switch from the non-versioned tar.gz downloads to the versioned RPM downloads.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-09-12 16:03:17 UTC
All done via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1ef970d78c11619c0ba7ea004a9d1df560bfbeb and ff.

For v27.0.0.130 we will create a new bug.
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-17 20:10:46 UTC
New GLSA Request filed.

Gentoo Security Padawan
ChrisADR
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-09-24 15:38:17 UTC
This issue was resolved and addressed in
 GLSA 201709-16 at https://security.gentoo.org/glsa/201709-16
by GLSA coordinator Aaron Bauman (b-man).