Upstream information

CVE-2017-11225 at MITRE

Description

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 10
Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entry: 1084296 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub for SUSE Linux Enterprise 12 SP2
  • chromedriver >= 66.0.3359.181-55.1
  • chromedriver-debuginfo >= 66.0.3359.181-55.1
  • chromium >= 66.0.3359.181-55.1
  • chromium-debuginfo >= 66.0.3359.181-55.1
  • chromium-debugsource >= 66.0.3359.181-55.1
Patchnames:
openSUSE-2018-436
openSUSE Leap 15.0
  • chromium >= 66.0.3359.170-lp150.1.1
Patchnames:
openSUSE Leap 15.0 GA chromium
openSUSE Leap 42.3
  • chromedriver >= 65.0.3325.162-146.1
  • chromedriver-debuginfo >= 65.0.3325.162-146.1
  • chromium >= 65.0.3325.162-146.1
  • chromium-debuginfo >= 65.0.3325.162-146.1
  • chromium-debugsource >= 65.0.3325.162-146.1
Patchnames:
openSUSE-2018-264