RHSA-2017:0526

96866

1037994

https://helpx.adobe.com/security/products/flash-player/apsb17-07.html

GLSA-201703-02

The remote host is affected by the vulnerability described in GLSA-201703-02 (Adobe Flash Player: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Flash Player.
      Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process or bypass security restrictions.
  Workaround :

    There is no known workaround at this time.

Adobe reports :

- These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2017-2997).

- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2998, CVE-2017-2999).

- These updates resolve a random number generator vulnerability used for constant blinding that could lead to information disclosure (CVE-2017-3000).

- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3001, CVE-2017-3002, CVE-2017-3003).

Versions of Adobe Flash Player prior to 25.0.0.127 are unpatched, and therefore affected by the following vulnerabilities :

 - An overflow condition exists in the Primetime TVSDK that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code.
 - A flaw exists in the Primetime TVSDK API that is triggered as certain input is not properly validated when handling timeline interactions. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the Primetime TVSDK related to the hosting playback surface that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A use-after-free error exists that is triggered when handling interaction between the privacy user interface and ActionScript 2 Camera object. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A use-after-free error exists that is triggered when handling ActionScript2 TextField objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A use-after-free error exists that is triggered when handling ActionScript2 garbage collection. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - An unspecified flaw exists in the random number generator used for constant binding. This may allow a context-dependent attacker to gain access to potentially sensitive information. No further details have been provided.

This update for flash-player fixes the following issues: Security update to 25.0.0.127 (bsc#1029374), fixing the following vulnerabilities advised under APSB17-07 :

  - CVE-2017-2997: This update resolves a buffer overflow     vulnerability that could lead to code execution.

  - CVE-2017-2998, CVE-2017-2999: This update resolves     memory corruption vulnerabilities that could lead to     code execution.

  - CVE-2017-3000: This update resolves a random number     generator vulnerability used for constant blinding that     could lead to information disclosure.

  - CVE-2017-3001, CVE-2017-3002, CVE-2017-3003: This update     resolves use-after-free vulnerabilities that could lead     to code execution.

  - Details:
    https://helpx.adobe.com/security/products/flash-player/a     psb17-07.html

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Flash Player to version 25.0.0.127.

Security Fix(es) :

* This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
(CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003)

The remote Windows host is missing security update 4014329. It is, therefore, affected by multiple vulnerabilities :

  - A buffer overflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2017-2997)

  - Multiple memory corruption issues exist that allow an     attacker to execute arbitrary code. (CVE-2017-2998,     CVE-2017-2999)

  - An unspecified flaw exists in the random number     generator used for constant binding that allows an     attacker to disclose sensitive information.
    (CVE-2017-3000)

  - Multiple use-after-free errors exist that allow an     attacker to execute arbitrary code. (CVE-2017-3001,     CVE-2017-3002, CVE-2017-3003)

The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 24.0.0.221. It is, therefore, affected by multiple vulnerabilities :

  - A buffer overflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2017-2997)

  - Multiple memory corruption issues exist that allow an     attacker to execute arbitrary code. (CVE-2017-2998,     CVE-2017-2999)

  - An unspecified flaw exists in the random number     generator used for constant binding that allows an     attacker to disclose sensitive information.
    (CVE-2017-3000)

  - Multiple use-after-free errors exist that allow an     attacker to execute arbitrary code. (CVE-2017-3001,     CVE-2017-3002, CVE-2017-3003)

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 24.0.0.221. It is, therefore, affected by multiple vulnerabilities :

  - A buffer overflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2017-2997)

  - Multiple memory corruption issues exist that allow an     attacker to execute arbitrary code. (CVE-2017-2998,     CVE-2017-2999)

  - An unspecified flaw exists in the random number     generator used for constant binding that allows an     attacker to disclose sensitive information.
    (CVE-2017-3000)

  - Multiple use-after-free errors exist that allow an     attacker to execute arbitrary code. (CVE-2017-3001,     CVE-2017-3002, CVE-2017-3003)

ID	Name	Product	Family	Severity
97814	GLSA-201703-02 : Adobe Flash Player: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
97788	FreeBSD : Flash Player -- multiple vulnerabilities (4ffb633c-0a3b-11e7-a9f2-0011d823eebd)	Nessus	FreeBSD Local Security Checks	critical
700006	Flash Player < 25.0.0.127 Multiple Vulnerabilities (APSB17-07)	Nessus Network Monitor	Web Clients	high
97776	SUSE SLED12 Security Update : flash-player (SUSE-SU-2017:0703-1)	Nessus	SuSE Local Security Checks	critical
97766	RHEL 6 : flash-plugin (RHSA-2017:0526)	Nessus	Red Hat Local Security Checks	critical
97735	MS17-023: Security Update for Adobe Flash Player (4014329)	Nessus	Windows : Microsoft Bulletins	critical
97728	Adobe Flash Player for Mac <= 24.0.0.221 Multiple Vulnerabilities (APSB17-07)	Nessus	MacOS X Local Security Checks	critical
97727	Adobe Flash Player <= 24.0.0.221 Multiple Vulnerabilities (APSB17-07)	Nessus	Windows	critical

CVE-2017-2999

critical

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

critical

critical

high

critical

critical

critical

critical

critical