[arch-security] [ASA-201503-11] flashplugin: multiple issues
Arch Linux Security Advisory ASA-201503-11
==========================================

Severity: Critical
Date    : 2015-03-16
CVE-ID  : CVE-2015-0332 CVE-2015-0333 CVE-2015-0334 CVE-2015-0335
          CVE-2015-0336 CVE-2015-0337 CVE-2015-0338 CVE-2015-0339
          CVE-2015-0340 CVE-2015-0341 CVE-2015-0342
Package : flashplugin
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package flashplugin before version 11.2.202.451-1 is vulnerable to
multiple issues including remote code execution, cross-domain policy
bypass and file upload restriction bypass.

Resolution
==========

Upgrade to 11.2.202.451-1.

# pacman -Syu "flashplugin>=11.2.202.451-1"

The problem has been fixed upstream in version 11.2.202.451.

Workaround
==========

None.

Description
===========

- CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339:
  Memory corruption vulnerabilities leading to code execution.

- CVE-2015-0334, CVE-2015-0336:
  Type confusion vulnerabilities leading to code execution.

- CVE-2015-0337:
  Vulnerability leading to a cross-domain policy bypass.

- CVE-2015-0338:
  Integer overflow vulnerability leading to code execution.

- CVE-2015-0340:
  Vulnerability leading to a file upload restriction bypass.

- CVE-2015-0341, CVE-2015-0342:
  Use-after-free vulnerabilities leading to code execution.

Impact
======

A remote attacker can execute arbitrary code via a carefully crafted
flash file.

References
==========

https://helpx.adobe.com/security/products/flash-player/apsb15-05.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0332
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0333
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0334
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0335
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0336
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0337
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0338
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0339
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0340
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0341
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0342
Remi Gacogne