Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 612588 (APSB17-07, CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003) - <www-plugins/adobe-flash-25.0.0.127: Multiple vulnerabilities
Summary: <www-plugins/adobe-flash-25.0.0.127: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: APSB17-07, CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-14 08:27 UTC by Thomas Deutschmann
Modified: 2017-03-19 18:41 UTC (History)
2 users (show)

See Also:
Package list:
www-plugins/adobe-flash-25.0.0.127 amd64 x86
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2017-03-14 08:27:34 UTC
Upstream has already released v25.0.0.127. No information available yet.
Comment 1 Kristian Fiskerstrand gentoo-dev Security 2017-03-14 15:37:35 UTC
From ${URL}:
Vulnerability Details

    These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2017-2997).
    These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2998, CVE-2017-2999).
    These updates resolve a random number generator vulnerability used for constant blinding that could lead to information disclosure (CVE-2017-3000).
    These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3001, CVE-2017-3002, CVE-2017-3003).

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

    Tao Yan (@Ga1ois) of Palo Alto Networks (CVE-2017-2997, CVE-2017-2998, CVE-2017-2999)
    Wang Chenyu and Wu Hongjun of Nanyang Technological University (CVE-2017-3000)
    Yuki Chen of Qihoo 360 Vulcan Team working with Chromium Vulnerability Rewards Program and Anonymous working with Trend Micro's Zero Day Initiative (CVE-2017-3001)
    Yuki Chen of Qihoo 360 Vulcan Team working with Chromium Vulnerability Rewards Program (CVE-2017-3002, CVE-2017-3003)
Comment 2 Thomas Deutschmann gentoo-dev Security 2017-03-16 08:50:17 UTC
Maintainer already stabilized the package.

New GLSA request filed.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-03-19 18:41:11 UTC
This issue was resolved and addressed in
 GLSA 201703-02 at https://security.gentoo.org/glsa/201703-02
by GLSA coordinator Thomas Deutschmann (whissi).