Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 624620 (APSB17-21, CVE-2017-3080, CVE-2017-3099, CVE-2017-3100) - <www-plugins/adobe-flash-26.0.0.137: multiple vulnerabilities
Summary: <www-plugins/adobe-flash-26.0.0.137: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: APSB17-21, CVE-2017-3080, CVE-2017-3099, CVE-2017-3100
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa cve]
Keywords:
: 625256 (view as bug list)
Depends on:
Blocks:
 
Reported: 2017-07-11 20:09 UTC by GLSAMaker/CVETool Bot
Modified: 2017-07-21 23:19 UTC (History)
3 users (show)

See Also:
Package list:
www-plugins/adobe-flash-26.0.0.137
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-07-11 20:09:20 UTC
Incoming details.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-07-11 20:15:35 UTC
Security updates available for Flash Player | APSB17-21

Summary
=======
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  


Affected product versions
=========================
26.0.0.131 and earlier


Vulnerability details
=====================
Category 	        Vulnerability Impact 	  Severity   CVE Numbers
--------------------------------------------------------------------------
Security Bypass 	Information Disclosure    Important  CVE-2017-3080
Memory Corruption 	Remote Code Execution     Critical   CVE-2017-3099
Memory Corruption 	Memory address disclosure Important  CVE-2017-3100


@ Maintainer(s): Please bump to >=www-plugins/adobe-flash-26.0.0.137!
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-07-16 20:31:41 UTC
Bumped via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=88da74f57a97d87fbae51288dd689b979955cb98


@ Arches,

please test and mark stable: =www-plugins/adobe-flash-26.0.0.137
Comment 3 Tobias Klausmann (RETIRED) gentoo-dev 2017-07-19 17:24:29 UTC
Stable on amd64.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2017-07-20 06:50:13 UTC
*** Bug 625256 has been marked as a duplicate of this bug. ***
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-07-21 23:08:26 UTC
Added to an existing GLSA.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2017-07-21 23:19:32 UTC
This issue was resolved and addressed in
 GLSA 201707-15 at https://security.gentoo.org/glsa/201707-15
by GLSA coordinator Thomas Deutschmann (whissi).