[arch-security] [ASA-201506-5] flashplugin: remote code execution
Arch Linux Security Advisory ASA-201506-5
=========================================

Severity: Critical
Date    : 2015-06-24
CVE-ID  : CVE-2015-3113
Package : flashplugin
Type    : remote code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package flashplugin before version 11.2.202.468-1 is vulnerable to
remote code execution.

Resolution
==========

Upgrade to 11.2.202.468-1.

# pacman -Syu "flashplugin>=11.2.202.468-1"

The problem has been fixed upstream in version 11.2.202.468.

Workaround
==========

This issue can be mitigated by disabling the flash plugin.

Description
===========

A heap-based buffer overflow has been found in the FLV handling of Adobe
Flash Player, leading to code execution.

Impact
======

A remote attacker may be able to execute arbitrary code on a vulnerable
host.

References
==========

https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-w...
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3113
participants (1)
- Remi Gacogne