Bug 605314 (APSB17-02, CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938) - <www-plugins/adobe-flash-24.0.0.194: Multiple vulnerabilities
Summary: <www-plugins/adobe-flash-24.0.0.194: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: APSB17-02, CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-10 22:18 UTC by Kristian Fiskerstrand
Modified: 2017-02-20 23:57 UTC

See Also:
Package list:
Runtime testing required: ---


Description Kristian Fiskerstrand gentoo-dev Security 2017-01-10 22:18:11 UTC
Product 	Updated Versions 	Platform 	Priority rating 	Availability
Adobe Flash Player for Linux 	24.0.0.194 	Linux 	3 	Flash Player Download Center

Vulnerability Details

    These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2017-2938).
    These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937).
    These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935).
    These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931).

Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

    Nicolas Joly of Microsoft Vulnerability Research (CVE-2017-2936, CVE-2017-2937)
    Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero (CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935)
    Khalil Zhani working with Chromium Vulnerability Rewards Program (CVE-2017-2928)
    willJ of Tencent PC Manager (CVE-2017-2925)
    Francis Provencher of COSIG (CVE-2017-2930)
    Jann Horn of Google Project Zero (CVE-2017-2938)
    Kai Lu of Fortinet's FortiGuard Labs working with the Chromium Vulnerability Rewards Program (CVE-2017-2926, CVE-2017-2927)
Comment 1 Thomas Deutschmann gentoo-dev Security 2017-02-16 12:44:20 UTC
Added to existing GLSA request.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-02-20 23:57:54 UTC
This issue was resolved and addressed in
 GLSA 201702-20 at https://security.gentoo.org/glsa/201702-20
by GLSA coordinator Thomas Deutschmann (whissi).