[arch-security] [ASA-201610-19] lib32-flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201610-19 ========================================== Severity: Critical Date : 2016-10-26 CVE-ID : CVE-2016-7855 Package : lib32-flashplugin Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package lib32-flashplugin before version 11.2.202.643-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 11.2.202.643-1. # pacman -Syu "lib32-flashplugin>=11.2.202.643-1" The problem has been fixed upstream in version 11.2.202.643. Workaround ========== None. Description =========== A use-after-free vulnerability leading to code execution has been found in Adobe Flash Player. Impact ====== A remote attacker can execute arbitrary code on the affected host. References ========== https://helpx.adobe.com/security/products/flash-player/apsb16-36.html https://access.redhat.com/security/cve/CVE-2016-7855
participants (1)
-
Remi Gacogne