[arch-security] [ASA-201512-7] flashplugin: multiple issues

Arch Linux Security Advisory ASA-201512-7 ========================================= Severity: Critical Date : 2015-12-09 CVE-ID : CVE-2015-8045 CVE-2015-8047 CVE-2015-8048 CVE-2015-8049 CVE-2015-8050 CVE-2015-8055 CVE-2015-8056 CVE-2015-8057 CVE-2015-8058 CVE-2015-8059 CVE-2015-8060 CVE-2015-8061 CVE-2015-8062 CVE-2015-8063 CVE-2015-8064 CVE-2015-8065 CVE-2015-8066 CVE-2015-8067 CVE-2015-8068 CVE-2015-8069 CVE-2015-8070 CVE-2015-8071 CVE-2015-8401 CVE-2015-8402 CVE-2015-8403 CVE-2015-8404 CVE-2015-8405 CVE-2015-8406 CVE-2015-8407 CVE-2015-8408 CVE-2015-8409 CVE-2015-8410 CVE-2015-8411 CVE-2015-8412 CVE-2015-8413 CVE-2015-8414 CVE-2015-8415 CVE-2015-8416 CVE-2015-8417 CVE-2015-8418 CVE-2015-8419 CVE-2015-8420 CVE-2015-8421 CVE-2015-8422 CVE-2015-8423 CVE-2015-8424 CVE-2015-8425 CVE-2015-8426 CVE-2015-8427 CVE-2015-8428 CVE-2015-8429 CVE-2015-8430 CVE-2015-8431 CVE-2015-8432 CVE-2015-8433 CVE-2015-8434 CVE-2015-8435 CVE-2015-8436 CVE-2015-8437 CVE-2015-8438 CVE-2015-8439 CVE-2015-8440 CVE-2015-8441 CVE-2015-8442 CVE-2015-8443 CVE-2015-8444 CVE-2015-8445 CVE-2015-8446 CVE-2015-8447 CVE-2015-8448 CVE-2015-8449 CVE-2015-8450 CVE-2015-8451 CVE-2015-8452 CVE-2015-8453 CVE-2015-8454 CVE-2015-8455 Package : flashplugin Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package flashplugin before version 11.2.202.554-1 is vulnerable to multiple issues including but not limited to arbitrary code execution, security restriction bypass, denial of service and possibly other unspecified impact. Resolution ========== Upgrade to 11.2.202.554-1. # pacman -Syu "flashplugin>=11.2.202.554-1" The problems have been fixed upstream in version 11.2.202.554. Workaround ========== None. Description =========== - CVE-2015-8045 CVE-2015-8060 CVE-2015-8408 CVE-2015-8416 CVE-2015-8417 CVE-2015-8418 CVE-2015-8419 CVE-2015-8443 CVE-2015-8444 CVE-2015-8047 CVE-2015-8451 CVE-2015-8455 (arbitrary code execution) Memory corruption vulnerabilities have been discovered that could lead to arbitrary code execution. - CVE-2015-8438 CVE-2015-8446 (arbitrary code execution) Heap buffer overflow vulnerabilities have been discovered that could lead to arbitrary code execution. - CVE-2015-8409 CVE-2015-8440 CVE-2015-8453 (security restriction bypass) Multiple issues have been discovered that are lading to security restriction bypass. - CVE-2015-8407 (arbitrary code execution) A stack overflow vulnerability has been discovered that could lead to arbitrary code execution. - CVE-2015-8439 (arbitrary code execution) A type confusion vulnerability has been discovered that could lead to arbitrary code execution. - CVE-2015-8445 (arbitrary code execution) An integer overflow vulnerability has been discovered that could lead to arbitrary code execution. - CVE-2015-8415 (arbitrary code execution) A buffer overflow vulnerability has been discovered that could lead to arbitrary code execution. - CVE-2015-8050 CVE-2015-8049 CVE-2015-8437 CVE-2015-8450 CVE-2015-8449 CVE-2015-8448 CVE-2015-8436 CVE-2015-8452 CVE-2015-8048 CVE-2015-8413 CVE-2015-8412 CVE-2015-8410 CVE-2015-8411 CVE-2015-8424 CVE-2015-8422 CVE-2015-8420 CVE-2015-8421 CVE-2015-8423 CVE-2015-8425 CVE-2015-8433 CVE-2015-8432 CVE-2015-8431 CVE-2015-8426 CVE-2015-8430 CVE-2015-8427 CVE-2015-8428 CVE-2015-8429 CVE-2015-8434 CVE-2015-8435 CVE-2015-8414 CVE-2015-8454 CVE-2015-8059 CVE-2015-8058 CVE-2015-8055 CVE-2015-8057 CVE-2015-8056 CVE-2015-8061 CVE-2015-8067 CVE-2015-8066 CVE-2015-8062 CVE-2015-8068 CVE-2015-8064 CVE-2015-8065 CVE-2015-8063 CVE-2015-8405 CVE-2015-8404 CVE-2015-8402 CVE-2015-8403 CVE-2015-8071 CVE-2015-8401 CVE-2015-8406 CVE-2015-8069 CVE-2015-8070 CVE-2015-8441 CVE-2015-8442 CVE-2015-8447 (arbitrary code execution) Multiple use-after-free vulnerabilities have been discovered that could lead to arbitrary code execution. Impact ====== A remote attacker is able to create a specially crafted SWF file that, when played, is leading to arbitrary code execution, denial of service, security restriction bypass or possibly other unspecified impact via various vectors. References ========== https://access.redhat.com/security/cve/CVE-2015-8045 https://access.redhat.com/security/cve/CVE-2015-8047 https://access.redhat.com/security/cve/CVE-2015-8048 https://access.redhat.com/security/cve/CVE-2015-8049 https://access.redhat.com/security/cve/CVE-2015-8050 https://access.redhat.com/security/cve/CVE-2015-8055 https://access.redhat.com/security/cve/CVE-2015-8056 https://access.redhat.com/security/cve/CVE-2015-8057 https://access.redhat.com/security/cve/CVE-2015-8058 https://access.redhat.com/security/cve/CVE-2015-8059 https://access.redhat.com/security/cve/CVE-2015-8060 https://access.redhat.com/security/cve/CVE-2015-8061 https://access.redhat.com/security/cve/CVE-2015-8062 https://access.redhat.com/security/cve/CVE-2015-8063 https://access.redhat.com/security/cve/CVE-2015-8064 https://access.redhat.com/security/cve/CVE-2015-8065 https://access.redhat.com/security/cve/CVE-2015-8066 https://access.redhat.com/security/cve/CVE-2015-8067 https://access.redhat.com/security/cve/CVE-2015-8068 https://access.redhat.com/security/cve/CVE-2015-8069 https://access.redhat.com/security/cve/CVE-2015-8070 https://access.redhat.com/security/cve/CVE-2015-8071 https://access.redhat.com/security/cve/CVE-2015-8401 https://access.redhat.com/security/cve/CVE-2015-8402 https://access.redhat.com/security/cve/CVE-2015-8403 https://access.redhat.com/security/cve/CVE-2015-8404 https://access.redhat.com/security/cve/CVE-2015-8405 https://access.redhat.com/security/cve/CVE-2015-8406 https://access.redhat.com/security/cve/CVE-2015-8407 https://access.redhat.com/security/cve/CVE-2015-8408 https://access.redhat.com/security/cve/CVE-2015-8409 https://access.redhat.com/security/cve/CVE-2015-8410 https://access.redhat.com/security/cve/CVE-2015-8411 https://access.redhat.com/security/cve/CVE-2015-8412 https://access.redhat.com/security/cve/CVE-2015-8413 https://access.redhat.com/security/cve/CVE-2015-8414 https://access.redhat.com/security/cve/CVE-2015-8415 https://access.redhat.com/security/cve/CVE-2015-8416 https://access.redhat.com/security/cve/CVE-2015-8417 https://access.redhat.com/security/cve/CVE-2015-8418 https://access.redhat.com/security/cve/CVE-2015-8419 https://access.redhat.com/security/cve/CVE-2015-8420 https://access.redhat.com/security/cve/CVE-2015-8421 https://access.redhat.com/security/cve/CVE-2015-8422 https://access.redhat.com/security/cve/CVE-2015-8423 https://access.redhat.com/security/cve/CVE-2015-8424 https://access.redhat.com/security/cve/CVE-2015-8425 https://access.redhat.com/security/cve/CVE-2015-8426 https://access.redhat.com/security/cve/CVE-2015-8427 https://access.redhat.com/security/cve/CVE-2015-8428 https://access.redhat.com/security/cve/CVE-2015-8429 https://access.redhat.com/security/cve/CVE-2015-8430 https://access.redhat.com/security/cve/CVE-2015-8431 https://access.redhat.com/security/cve/CVE-2015-8432 https://access.redhat.com/security/cve/CVE-2015-8433 https://access.redhat.com/security/cve/CVE-2015-8434 https://access.redhat.com/security/cve/CVE-2015-8435 https://access.redhat.com/security/cve/CVE-2015-8436 https://access.redhat.com/security/cve/CVE-2015-8437 https://access.redhat.com/security/cve/CVE-2015-8438 https://access.redhat.com/security/cve/CVE-2015-8439 https://access.redhat.com/security/cve/CVE-2015-8440 https://access.redhat.com/security/cve/CVE-2015-8441 https://access.redhat.com/security/cve/CVE-2015-8442 https://access.redhat.com/security/cve/CVE-2015-8443 https://access.redhat.com/security/cve/CVE-2015-8444 https://access.redhat.com/security/cve/CVE-2015-8445 https://access.redhat.com/security/cve/CVE-2015-8446 https://access.redhat.com/security/cve/CVE-2015-8447 https://access.redhat.com/security/cve/CVE-2015-8448 https://access.redhat.com/security/cve/CVE-2015-8449 https://access.redhat.com/security/cve/CVE-2015-8450 https://access.redhat.com/security/cve/CVE-2015-8451 https://access.redhat.com/security/cve/CVE-2015-8452 https://access.redhat.com/security/cve/CVE-2015-8453 https://access.redhat.com/security/cve/CVE-2015-8454 https://access.redhat.com/security/cve/CVE-2015-8455 https://helpx.adobe.com/security/products/flash-player/apsb15-32.html