634456 – (CVE-2017-11292) <www-plugins/adobe-flash-27.0.0.170: Remote Code Execution (APSB17-32)

Bug 634456 (CVE-2017-11292) - <www-plugins/adobe-flash-27.0.0.170: Remote Code Execution (APSB17-32)

Summary: <www-plugins/adobe-flash-27.0.0.170: Remote Code Execution (APSB17-32)

Status:	RESOLVED FIXED

Alias:	CVE-2017-11292

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:	https://helpx.adobe.com/security/prod...
Whiteboard:	A2 [glsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-10-16 15:56 UTC by GLSAMaker/CVETool Bot
Modified:	2017-10-22 00:28 UTC (History)
CC List:	2 users (show)

See Also:
Package list:	=www-plugins/adobe-flash-27.0.0.170
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2017-10-16 15:56:55 UTC

Incoming details

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-10-16 16:02:21 UTC

From $URL:

Adobe has released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a critical type confusion vulnerability that could lead to code execution.

Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows.

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-10-16 21:39:56 UTC

Stable: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38fa8e04deabf1e822f2fd224e0c738ccac7ceee

Cleanup: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84e62a195fb087196ed15d847425dd147f85da0b

New GLSA request filed.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2017-10-22 00:28:41 UTC

This issue was resolved and addressed in
 GLSA 201710-22 at https://security.gentoo.org/glsa/201710-22
by GLSA coordinator Aaron Bauman (b-man).