Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201707-15 ] Adobe Flash Player: Multiple vulnerabilities
Date: Fri, 21 Jul 2017 23:19:50
Message-Id: e2a90477-632a-4ec6-ea37-23b28531c521@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201707-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: July 21, 2017
Bugs: #621680, #624620
ID: 201707-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which allows remote attackers to execute arbitrary code.

Background
==========

The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /   Vulnerable   /            Unaffected
    -------------------------------------------------------------------
  1  www-plugins/adobe-flash      < 26.0.0.137            >= 26.0.0.137

Description
===========

Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process or bypass security restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-26.0.0.137"

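An added example, not part of the advisory or of Gentoo's tooling: it parses the row from the Affected packages table and classifies a host inventory against it, so machines still needing the upgrade above can be listed. The inventory, host names and function names are constructed for illustration, and only plain dotted numeric versions are handled (a revision suffix such as -r1 is rejected rather than guessed at).

```python
import operator
import re

# Row from the "Affected packages" table above (whitespace collapsed).
GLSA_ROW = "1 www-plugins/adobe-flash < 26.0.0.137 >= 26.0.0.137"

OPS = {"<": operator.lt, "<=": operator.le, "=": operator.eq,
       ">=": operator.ge, ">": operator.gt}

ROW_RE = re.compile(
    r"^\s*\d+\s+(?P<pkg>\S+/\S+)\s+(?P<vop>[<>]=?|=)\s*(?P<vver>[\d.]+)"
    r"\s+(?P<uop>[<>]=?|=)\s*(?P<uver>[\d.]+)\s*$")

def vkey(version):
    """Dotted numeric version -> tuple of ints; raises ValueError otherwise."""
    return tuple(int(part) for part in version.split("."))

def parse_row(row):
    """Split a table row into package, vulnerable range and unaffected range."""
    m = ROW_RE.match(row)
    if not m:
        raise ValueError(f"unrecognised affected-package row: {row!r}")
    return m.groupdict()

def classify(installed, rule):
    """Return the status of one installed version (None = not installed)."""
    if installed is None:
        return "not installed"
    v = vkey(installed)
    if OPS[rule["vop"]](v, vkey(rule["vver"])):
        return "vulnerable"
    if OPS[rule["uop"]](v, vkey(rule["uver"])):
        return "unaffected"
    return "unknown"

# Constructed sample inventory: host -> installed www-plugins/adobe-flash version.
INVENTORY = {
    "ws-01": "26.0.0.131",
    "ws-02": "26.0.0.137",
    "ws-03": "25.0.0.171",
    "ws-04": "26.0.0.99",   # a plain string comparison would rank this above .137
    "build-01": None,
}

def audit(inventory, row=GLSA_ROW):
    rule = parse_row(row)
    return {host: classify(ver, rule) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:10} {status}")
```
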
References
==========

[ 1 ] CVE-2017-3075
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3075
[ 2 ] CVE-2017-3076
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3076
[ 3 ] CVE-2017-3077
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3077
[ 4 ] CVE-2017-3078
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3078
[ 5 ] CVE-2017-3079
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3079
[ 6 ] CVE-2017-3080
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3080
[ 7 ] CVE-2017-3081
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3081
[ 8 ] CVE-2017-3082
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3082
[ 9 ] CVE-2017-3083
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3083
[ 10 ] CVE-2017-3084
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3084
[ 11 ] CVE-2017-3099
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3099
[ 12 ] CVE-2017-3100
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3100

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201707-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
