[arch-security] [ASA-201510-7] flashplugin: multiple issues
Arch Linux Security Advisory ASA-201510-7 ========================================= Severity: Critical Date : 2015-10-14 CVE-ID : CVE-2015-5569 CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7628 CVE-2015-7629 CVE-2015-7630 CVE-2015-7631 CVE-2015-7632 CVE-2015-7633 CVE-2015-7634 CVE-2015-7643 CVE-2015-7644 Package : flashplugin Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package flashplugin before version 11.2.202.535-1 is vulnerable to multiple issues including but not limited to arbitrary code execution, same-origin-policy bypass and information disclosure. Resolution ========== Upgrade to 11.2.202.535-1. # pacman -Syu "flashplugin>=11.2.202.535-1" The problems have been fixed upstream in version 11.2.202.535. Workaround ========== None. Description =========== - CVE-2015-5569 (information leak, insufficient hardening) These updates include a defense-in-depth feature in the Flash broker API. - CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7630 CVE-2015-7633 CVE-2015-7634 (arbitrary code execution) These updates resolve memory corruption vulnerabilities that could lead to code execution. - CVE-2015-7628 (same-origin-policy bypass, information disclosure) These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure. - CVE-2015-7629 CVE-2015-7631 CVE-2015-7643 CVE-2015-7644 (arbitrary code execution) These updates resolve use-after-free vulnerabilities that could lead to code execution. - CVE-2015-7632 (arbitrary code execution) These updates resolve a buffer overflow vulnerability that could lead to code execution. Impact ====== A remote attacker is able to execute arbitrary code, bypass the same-origin-policy and disclose sensitive information via various vectors. References ========== https://access.redhat.com/security/cve/CVE-2015-5569 https://access.redhat.com/security/cve/CVE-2015-7625 https://access.redhat.com/security/cve/CVE-2015-7626 https://access.redhat.com/security/cve/CVE-2015-7627 https://access.redhat.com/security/cve/CVE-2015-7628 https://access.redhat.com/security/cve/CVE-2015-7629 https://access.redhat.com/security/cve/CVE-2015-7630 https://access.redhat.com/security/cve/CVE-2015-7631 https://access.redhat.com/security/cve/CVE-2015-7632 https://access.redhat.com/security/cve/CVE-2015-7633 https://access.redhat.com/security/cve/CVE-2015-7634 https://access.redhat.com/security/cve/CVE-2015-7643 https://access.redhat.com/security/cve/CVE-2015-7644 https://helpx.adobe.com/security/products/flash-player/apsb15-25.html
participants (1)
-
Levente Polyak