Arch Linux Security Advisory ASA-201507-7 ========================================= Severity: Critical Date : 2015-07-08 CVE-ID : CVE-2015-5119 Package : flashplugin Type : remote code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package flashplugin before version 11.2.202.481-1 is vulnerable to remote code execution. Resolution ========== Upgrade to 11.2.202.481-1. # pacman -Syu "flashplugin>=11.2.202.481-1" The problem has been fixed upstream in version 11.2.202.481. Workaround ========== None. Description =========== A critical vulnerability (use-after-free in the AS3 ByteArray class) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Impact ====== A remote attacker can execute arbitrary code on the affected host using a crafted flash application. References ========== https://access.redhat.com/security/cve/CVE-2015-5119 https://helpx.adobe.com/security/products/flash-player/apsa15-03.html https://www.kb.cert.org/vuls/id/561288 http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-p...