[arch-security] [ASA-201512-7] flashplugin: multiple issues
Levente Polyak
anthraxx at archlinux.org
Wed Dec 9 20:10:55 UTC 2015
Arch Linux Security Advisory ASA-201512-7
=========================================
Severity: Critical
Date : 2015-12-09
CVE-ID : CVE-2015-8045 CVE-2015-8047 CVE-2015-8048 CVE-2015-8049
CVE-2015-8050 CVE-2015-8055 CVE-2015-8056 CVE-2015-8057
CVE-2015-8058 CVE-2015-8059 CVE-2015-8060 CVE-2015-8061
CVE-2015-8062 CVE-2015-8063 CVE-2015-8064 CVE-2015-8065
CVE-2015-8066 CVE-2015-8067 CVE-2015-8068 CVE-2015-8069
CVE-2015-8070 CVE-2015-8071 CVE-2015-8401 CVE-2015-8402
CVE-2015-8403 CVE-2015-8404 CVE-2015-8405 CVE-2015-8406
CVE-2015-8407 CVE-2015-8408 CVE-2015-8409 CVE-2015-8410
CVE-2015-8411 CVE-2015-8412 CVE-2015-8413 CVE-2015-8414
CVE-2015-8415 CVE-2015-8416 CVE-2015-8417 CVE-2015-8418
CVE-2015-8419 CVE-2015-8420 CVE-2015-8421 CVE-2015-8422
CVE-2015-8423 CVE-2015-8424 CVE-2015-8425 CVE-2015-8426
CVE-2015-8427 CVE-2015-8428 CVE-2015-8429 CVE-2015-8430
CVE-2015-8431 CVE-2015-8432 CVE-2015-8433 CVE-2015-8434
CVE-2015-8435 CVE-2015-8436 CVE-2015-8437 CVE-2015-8438
CVE-2015-8439 CVE-2015-8440 CVE-2015-8441 CVE-2015-8442
CVE-2015-8443 CVE-2015-8444 CVE-2015-8445 CVE-2015-8446
CVE-2015-8447 CVE-2015-8448 CVE-2015-8449 CVE-2015-8450
CVE-2015-8451 CVE-2015-8452 CVE-2015-8453 CVE-2015-8454
CVE-2015-8455
Package : flashplugin
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package flashplugin before version 11.2.202.554-1 is vulnerable to
multiple issues including but not limited to arbitrary code execution,
security restriction bypass, denial of service and possibly other
unspecified impact.
Resolution
==========
Upgrade to 11.2.202.554-1.
# pacman -Syu "flashplugin>=11.2.202.554-1"
The problems have been fixed upstream in version 11.2.202.554.
Workaround
==========
None.
Description
===========
- CVE-2015-8045 CVE-2015-8060 CVE-2015-8408 CVE-2015-8416 CVE-2015-8417
CVE-2015-8418 CVE-2015-8419 CVE-2015-8443 CVE-2015-8444 CVE-2015-8047
CVE-2015-8451 CVE-2015-8455 (arbitrary code execution)
Memory corruption vulnerabilities have been discovered that could lead
to arbitrary code execution.
- CVE-2015-8438 CVE-2015-8446 (arbitrary code execution)
Heap buffer overflow vulnerabilities have been discovered that could
lead to arbitrary code execution.
- CVE-2015-8409 CVE-2015-8440 CVE-2015-8453
(security restriction bypass)
Multiple issues have been discovered that are lading to security
restriction bypass.
- CVE-2015-8407 (arbitrary code execution)
A stack overflow vulnerability has been discovered that could lead to
arbitrary code execution.
- CVE-2015-8439 (arbitrary code execution)
A type confusion vulnerability has been discovered that could lead to
arbitrary code execution.
- CVE-2015-8445 (arbitrary code execution)
An integer overflow vulnerability has been discovered that could lead to
arbitrary code execution.
- CVE-2015-8415 (arbitrary code execution)
A buffer overflow vulnerability has been discovered that could lead to
arbitrary code execution.
- CVE-2015-8050 CVE-2015-8049 CVE-2015-8437 CVE-2015-8450 CVE-2015-8449
CVE-2015-8448 CVE-2015-8436 CVE-2015-8452 CVE-2015-8048 CVE-2015-8413
CVE-2015-8412 CVE-2015-8410 CVE-2015-8411 CVE-2015-8424 CVE-2015-8422
CVE-2015-8420 CVE-2015-8421 CVE-2015-8423 CVE-2015-8425 CVE-2015-8433
CVE-2015-8432 CVE-2015-8431 CVE-2015-8426 CVE-2015-8430 CVE-2015-8427
CVE-2015-8428 CVE-2015-8429 CVE-2015-8434 CVE-2015-8435 CVE-2015-8414
CVE-2015-8454 CVE-2015-8059 CVE-2015-8058 CVE-2015-8055 CVE-2015-8057
CVE-2015-8056 CVE-2015-8061 CVE-2015-8067 CVE-2015-8066 CVE-2015-8062
CVE-2015-8068 CVE-2015-8064 CVE-2015-8065 CVE-2015-8063 CVE-2015-8405
CVE-2015-8404 CVE-2015-8402 CVE-2015-8403 CVE-2015-8071 CVE-2015-8401
CVE-2015-8406 CVE-2015-8069 CVE-2015-8070 CVE-2015-8441 CVE-2015-8442
CVE-2015-8447 (arbitrary code execution)
Multiple use-after-free vulnerabilities have been discovered that could
lead to arbitrary code execution.
Impact
======
A remote attacker is able to create a specially crafted SWF file that,
when played, is leading to arbitrary code execution, denial of service,
security restriction bypass or possibly other unspecified impact via
various vectors.
References
==========
https://access.redhat.com/security/cve/CVE-2015-8045
https://access.redhat.com/security/cve/CVE-2015-8047
https://access.redhat.com/security/cve/CVE-2015-8048
https://access.redhat.com/security/cve/CVE-2015-8049
https://access.redhat.com/security/cve/CVE-2015-8050
https://access.redhat.com/security/cve/CVE-2015-8055
https://access.redhat.com/security/cve/CVE-2015-8056
https://access.redhat.com/security/cve/CVE-2015-8057
https://access.redhat.com/security/cve/CVE-2015-8058
https://access.redhat.com/security/cve/CVE-2015-8059
https://access.redhat.com/security/cve/CVE-2015-8060
https://access.redhat.com/security/cve/CVE-2015-8061
https://access.redhat.com/security/cve/CVE-2015-8062
https://access.redhat.com/security/cve/CVE-2015-8063
https://access.redhat.com/security/cve/CVE-2015-8064
https://access.redhat.com/security/cve/CVE-2015-8065
https://access.redhat.com/security/cve/CVE-2015-8066
https://access.redhat.com/security/cve/CVE-2015-8067
https://access.redhat.com/security/cve/CVE-2015-8068
https://access.redhat.com/security/cve/CVE-2015-8069
https://access.redhat.com/security/cve/CVE-2015-8070
https://access.redhat.com/security/cve/CVE-2015-8071
https://access.redhat.com/security/cve/CVE-2015-8401
https://access.redhat.com/security/cve/CVE-2015-8402
https://access.redhat.com/security/cve/CVE-2015-8403
https://access.redhat.com/security/cve/CVE-2015-8404
https://access.redhat.com/security/cve/CVE-2015-8405
https://access.redhat.com/security/cve/CVE-2015-8406
https://access.redhat.com/security/cve/CVE-2015-8407
https://access.redhat.com/security/cve/CVE-2015-8408
https://access.redhat.com/security/cve/CVE-2015-8409
https://access.redhat.com/security/cve/CVE-2015-8410
https://access.redhat.com/security/cve/CVE-2015-8411
https://access.redhat.com/security/cve/CVE-2015-8412
https://access.redhat.com/security/cve/CVE-2015-8413
https://access.redhat.com/security/cve/CVE-2015-8414
https://access.redhat.com/security/cve/CVE-2015-8415
https://access.redhat.com/security/cve/CVE-2015-8416
https://access.redhat.com/security/cve/CVE-2015-8417
https://access.redhat.com/security/cve/CVE-2015-8418
https://access.redhat.com/security/cve/CVE-2015-8419
https://access.redhat.com/security/cve/CVE-2015-8420
https://access.redhat.com/security/cve/CVE-2015-8421
https://access.redhat.com/security/cve/CVE-2015-8422
https://access.redhat.com/security/cve/CVE-2015-8423
https://access.redhat.com/security/cve/CVE-2015-8424
https://access.redhat.com/security/cve/CVE-2015-8425
https://access.redhat.com/security/cve/CVE-2015-8426
https://access.redhat.com/security/cve/CVE-2015-8427
https://access.redhat.com/security/cve/CVE-2015-8428
https://access.redhat.com/security/cve/CVE-2015-8429
https://access.redhat.com/security/cve/CVE-2015-8430
https://access.redhat.com/security/cve/CVE-2015-8431
https://access.redhat.com/security/cve/CVE-2015-8432
https://access.redhat.com/security/cve/CVE-2015-8433
https://access.redhat.com/security/cve/CVE-2015-8434
https://access.redhat.com/security/cve/CVE-2015-8435
https://access.redhat.com/security/cve/CVE-2015-8436
https://access.redhat.com/security/cve/CVE-2015-8437
https://access.redhat.com/security/cve/CVE-2015-8438
https://access.redhat.com/security/cve/CVE-2015-8439
https://access.redhat.com/security/cve/CVE-2015-8440
https://access.redhat.com/security/cve/CVE-2015-8441
https://access.redhat.com/security/cve/CVE-2015-8442
https://access.redhat.com/security/cve/CVE-2015-8443
https://access.redhat.com/security/cve/CVE-2015-8444
https://access.redhat.com/security/cve/CVE-2015-8445
https://access.redhat.com/security/cve/CVE-2015-8446
https://access.redhat.com/security/cve/CVE-2015-8447
https://access.redhat.com/security/cve/CVE-2015-8448
https://access.redhat.com/security/cve/CVE-2015-8449
https://access.redhat.com/security/cve/CVE-2015-8450
https://access.redhat.com/security/cve/CVE-2015-8451
https://access.redhat.com/security/cve/CVE-2015-8452
https://access.redhat.com/security/cve/CVE-2015-8453
https://access.redhat.com/security/cve/CVE-2015-8454
https://access.redhat.com/security/cve/CVE-2015-8455
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20151209/fb3cc3cc/attachment.asc>
More information about the arch-security
mailing list