Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 617968 (APSB17-15, CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074) - <www-plugins/adobe-flash-25.0.0.171: Multiple vulnerabilities
Summary: <www-plugins/adobe-flash-25.0.0.171: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: APSB17-15, CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-09 12:28 UTC by Thomas Deutschmann (RETIRED)
Modified: 2017-05-26 06:27 UTC (History)
2 users (show)

See Also:
Package list:
www-plugins/adobe-flash-25.0.0.171
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-05-09 12:28:58 UTC 
Upstream has already released v25.0.0.171. No information available yet.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-05-09 15:33:40 UTC 
From URL:
Vulnerability Details
These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2017-3071). 
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074).

Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

Jihui Lu of Tencent KeenLab (CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074) 
Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero (CVE-2017-3068)
Comment 2 Agostino Sarubbo gentoo-dev 2017-05-10 09:34:04 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2017-05-10 15:45:56 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2017-05-11 07:36:47 UTC 
Maintainer(s), Thank you for your work.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2017-05-26 06:27:13 UTC 
This issue was resolved and addressed in
 GLSA 201705-12 at https://security.gentoo.org/glsa/201705-12
by GLSA coordinator Thomas Deutschmann (whissi).