Bug 598152 (APSB16-36, CVE-2016-7855) - <www-plugins/adobe-flash-{11.2.202.643,23.0.0.205}: possible code execution due to use-after-free
Summary: <www-plugins/adobe-flash-{11.2.202.643,23.0.0.205}: possible code execution d...
Status: RESOLVED FIXED
Alias: APSB16-36, CVE-2016-7855
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa cve cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-10-26 18:19 UTC by Kristian Fiskerstrand
Modified: 2016-10-29 13:26 UTC

See Also:
Package list:
Runtime testing required: ---


Description Kristian Fiskerstrand gentoo-dev Security 2016-10-26 18:19:18 UTC
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.  These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.  

Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.

Affected Versions
Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.643 by visiting the Adobe Flash Player Download Center.
Comment 1 Kristian Fiskerstrand gentoo-dev Security 2016-10-26 18:22:19 UTC
These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2016-7855). 

Acknowledgments
Adobe would like to thank Neel Mehta and Billy Leonard from Google's Threat Analysis Group for reporting CVE-2016-7855 and for working with Adobe to help protect our customers.
Comment 2 Jeroen Roovers gentoo-dev 2016-10-26 22:33:05 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.643
=www-plugins/adobe-flash-23.0.0.205
Targeted stable KEYWORDS : amd64 x86
Comment 3 Agostino Sarubbo gentoo-dev 2016-10-27 08:51:59 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-10-27 08:53:14 UTC
x86 stable.

Maintainer(s), please clean up.
Comment 5 Kristian Fiskerstrand gentoo-dev Security 2016-10-29 13:20:33 UTC
Added to existing GLSA request
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-10-29 13:26:10 UTC
This issue was resolved and addressed in
 GLSA 201610-10 at https://security.gentoo.org/glsa/201610-10
by GLSA coordinator Kristian Fiskerstrand (K_F).