[arch-security] [ASA-201502-2] flashplugin: remote code execution

Arch Linux Security Advisory ASA-201502-2 ========================================= Severity: Critical Date : 2015-02-06 CVE-ID : CVE-2015-0313 CVE-2015-0314 CVE-2015-0315 CVE-2015-0316 CVE-2015-0317 CVE-2015-0318 CVE-2015-0319 CVE-2015-0320 CVE-2015-0321 CVE-2015-0322 CVE-2015-0323 CVE-2015-0324 CVE-2015-0325 CVE-2015-0326 CVE-2015-0327 CVE-2015-0328 CVE-2015-0329 CVE-2015-0330 Package : flashplugin Type : remote code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package flashplugin before version 11.2.202.442-1 is vulnerable to remote code execution. Resolution ========== Upgrade to 11.2.202.442-1. # pacman -Syu "flashplugin>=11.2.202.442-1" The problem has been fixed upstream in version 11.2.202.442. Workaround ========== None. Description =========== - CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322 Use-after-free vulnerabilities leading to arbitrary code execution. - (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330 Memory corruption vulnerabilities leading to arbitrary code execution. - CVE-2015-0317, CVE-2015-0319 Type confusion vulnerabilities leading to arbitrary code execution. - CVE-2015-0323, CVE-2015-0327 Heap overflow vulnerabilities leading to arbitrary code execution. - CVE-2015-0324 Buffer overflow vulnerability leading to arbitrary code execution. - CVE-2015-0325, CVE-2015-0326, CVE-2015-0328 Null-pointer dereference issues, possibly leading to denial of service or other unspecified impact. Impact ====== A remote attacker can execute arbitrary code. References ========== https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0313 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0314 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0315 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0316 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0317 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0318 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0319 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0320 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0321 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0322 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0323 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0324 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0325 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0326 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0327 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0328 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0329 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0330 https://helpx.adobe.com/security/products/flash-player/apsb15-04.html