[arch-security] [ASA-201603-11] lib32-flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201603-11
==========================================

Severity: Critical
Date    : 2016-03-11
CVE-ID  : CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963
          CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989
          CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993
          CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997
          CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001
          CVE-2016-1002 CVE-2016-1005 CVE-2016-1010
Package : lib32-flashplugin
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package lib32-flashplugin before version 11.2.202.577-1 is
vulnerable to arbitrary code execution.

Resolution
==========

Upgrade to 11.2.202.577-1.

# pacman -Syu "lib32-flashplugin>=11.2.202.577-1"

The problem has been fixed upstream in version 11.2.202.577.

Workaround
==========

None.

Description
===========

- CVE-2016-0963 CVE-2016-0993 CVE-2016-1010 (arbitrary code execution)

Integer overflow vulnerabilities that could lead to code execution.

- CVE-2016-0987 CVE-2016-0988 CVE-2016-0990 CVE-2016-0991 CVE-2016-0994
  CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999
  CVE-2016-1000 (arbitrary code execution)

Use-after-free vulnerabilities that could lead to code execution.

- CVE-2016-1001 (arbitrary code execution)

Heap overflow vulnerability that could lead to code execution.

- CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0986 CVE-2016-0989
  CVE-2016-0992 CVE-2016-1002 CVE-2016-1005 (arbitrary code execution)

Memory corruption vulnerabilities that could lead to code execution.

Impact
======

A remote attacker is able to craft a special flash file that, when
visited, executes arbitrary code via multiple vectors.

References
==========

https://access.redhat.com/security/cve/CVE-2016-0960
https://access.redhat.com/security/cve/CVE-2016-0961
https://access.redhat.com/security/cve/CVE-2016-0962
https://access.redhat.com/security/cve/CVE-2016-0963
https://access.redhat.com/security/cve/CVE-2016-0986
https://access.redhat.com/security/cve/CVE-2016-0987
https://access.redhat.com/security/cve/CVE-2016-0988
https://access.redhat.com/security/cve/CVE-2016-0989
https://access.redhat.com/security/cve/CVE-2016-0990
https://access.redhat.com/security/cve/CVE-2016-0991
https://access.redhat.com/security/cve/CVE-2016-0992
https://access.redhat.com/security/cve/CVE-2016-0993
https://access.redhat.com/security/cve/CVE-2016-0994
https://access.redhat.com/security/cve/CVE-2016-0995
https://access.redhat.com/security/cve/CVE-2016-0996
https://access.redhat.com/security/cve/CVE-2016-0997
https://access.redhat.com/security/cve/CVE-2016-0998
https://access.redhat.com/security/cve/CVE-2016-0999
https://access.redhat.com/security/cve/CVE-2016-1000
https://access.redhat.com/security/cve/CVE-2016-1001
https://access.redhat.com/security/cve/CVE-2016-1002
https://access.redhat.com/security/cve/CVE-2016-1005
https://access.redhat.com/security/cve/CVE-2016-1010
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
Christian Rebischke