Gentoo update for Flash Player



Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2017-3068
CVE-2017-3069
CVE-2017-3070
CVE-2017-3071
CVE-2017-3072
CVE-2017-3073
CVE-2017-3074
CWE-ID CWE-119
CWE-416
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
Gentoo www-plugins/adobe-flash
Operating systems & Components / Operating system package or component

Gentoo Linux
Operating systems & Components / Operating system

Vendor Gentoo

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU6440

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-3068

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected package to version: 25.0.0.171

Vulnerable software versions

Gentoo www-plugins/adobe-flash: 25.0.0.127 - 25.0.0.163

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201705-12


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Memory corruption

EUVDB-ID: #VU6441

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3069

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected package to version: 25.0.0.171

Vulnerable software versions

Gentoo www-plugins/adobe-flash: 25.0.0.127 - 25.0.0.163

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201705-12


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory corruption

EUVDB-ID: #VU6442

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3070

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected package to version: 25.0.0.171

Vulnerable software versions

Gentoo www-plugins/adobe-flash: 25.0.0.127 - 25.0.0.163

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201705-12


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free error

EUVDB-ID: #VU6439

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3071

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected package to version: 25.0.0.171

Vulnerable software versions

Gentoo www-plugins/adobe-flash: 25.0.0.127 - 25.0.0.163

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201705-12


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory corruption

EUVDB-ID: #VU6443

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3072

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected package to version: 25.0.0.171

Vulnerable software versions

Gentoo www-plugins/adobe-flash: 25.0.0.127 - 25.0.0.163

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201705-12


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory corruption

EUVDB-ID: #VU6444

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3073

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected package to version: 25.0.0.171

Vulnerable software versions

Gentoo www-plugins/adobe-flash: 25.0.0.127 - 25.0.0.163

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201705-12


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory corruption

EUVDB-ID: #VU6445

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3074

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected package to version: 25.0.0.171

Vulnerable software versions

Gentoo www-plugins/adobe-flash: 25.0.0.127 - 25.0.0.163

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201705-12


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###