Arch Linux Security Advisory ASA-201711-21
==========================================

Severity: Critical
Date    : 2017-11-15
CVE-ID  : CVE-2017-11213 CVE-2017-11215 CVE-2017-11225 CVE-2017-3112
          CVE-2017-3114
Package : flashplugin
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-492

Summary
=======

The package flashplugin before version 27.0.0.187-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 27.0.0.187-1.

# pacman -Syu "flashplugin>=27.0.0.187-1"

The problems have been fixed upstream in version 27.0.0.187.

Workaround
==========

None.

Description
===========

- CVE-2017-11213 (arbitrary code execution)

An out-of-bounds access vulnerability has been discovered in
flashplugin before 27.0.0.187 leading to arbitrary code execution when
playing a specially crafted SWF file.

- CVE-2017-11215 (arbitrary code execution)

A use-after-free vulnerability has been discovered in flashplugin
before 27.0.0.187 leading to arbitrary code execution when playing a
specially crafted SWF file.

- CVE-2017-11225 (arbitrary code execution)

A use-after-free vulnerability has been discovered in flashplugin
before 27.0.0.187 leading to arbitrary code execution when playing a
specially crafted SWF file.

- CVE-2017-3112 (arbitrary code execution)

An out-of-bounds access vulnerability has been discovered in
flashplugin before 27.0.0.187 leading to arbitrary code execution when
playing a specially crafted SWF file.

- CVE-2017-3114 (arbitrary code execution)

An out-of-bounds access vulnerability has been discovered in
flashplugin before 27.0.0.187 leading to arbitrary code execution when
playing a specially crafted SWF file.

Impact
======

A remote attacker is able to execute arbitrary code on the affected
host via a specially crafted SWF file.

References
==========

https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
https://security.archlinux.org/CVE-2017-11213
https://security.archlinux.org/CVE-2017-11215
https://security.archlinux.org/CVE-2017-11225
https://security.archlinux.org/CVE-2017-3112
https://security.archlinux.org/CVE-2017-3114