Adobe Flash Player: Remote execution of arbitrary code — GLSA 201710-22

A vulnerability in Adobe Flash Player might allow remote attackers to execute arbitrary code.

Affected packages

www-plugins/adobe-flash on all architectures
Affected versions < 27.0.0.170
Unaffected versions >= 27.0.0.170

Background

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Description

A critical type confusion vulnerability was discovered in Adobe Flash Player.

Impact

A remote attacker could execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All Adobe Flash Player users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=www-plugins/adobe-flash-27.0.0.170"
 

References

Release date
October 22, 2017

Latest revision
October 22, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries