Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 634456 (CVE-2017-11292) - <www-plugins/adobe-flash-27.0.0.170: Remote Code Execution (APSB17-32)
Summary: <www-plugins/adobe-flash-27.0.0.170: Remote Code Execution (APSB17-32)
Status: RESOLVED FIXED
Alias: CVE-2017-11292
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-16 15:56 UTC by GLSAMaker/CVETool Bot
Modified: 2017-10-22 00:28 UTC (History)
2 users (show)

See Also:
Package list:
=www-plugins/adobe-flash-27.0.0.170
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-16 15:56:55 UTC
Incoming details
Comment 1 Thomas Deutschmann gentoo-dev Security 2017-10-16 16:02:21 UTC
From $URL:

Adobe has released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a critical type confusion vulnerability that could lead to code execution.

Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-10-22 00:28:41 UTC
This issue was resolved and addressed in
 GLSA 201710-22 at https://security.gentoo.org/glsa/201710-22
by GLSA coordinator Aaron Bauman (b-man).