[arch-security] [ASA-201501-8] flashplugin: multiple issues
rgacogne at archlinux.org
Thu Jan 15 16:49:14 UTC 2015
Arch Linux Security Advisory ASA-201501-8
Date : 2014-01-15
CVE-ID : CVE-2015-0301 CVE-2015-0302 CVE-2015-0303 CVE-2015-0304
CVE-2015-0305 CVE-2015-0306 CVE-2015-0307 CVE-2015-0308 CVE-2015-0309
Package : flashplugin
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package flashplugin before version 184.108.40.2069-1 is vulnerable to
multiple issues, including but not limited to remote code execution.
Upgrade to 220.127.116.119-1.
# pacman -Syu "flashplugin>=18.104.22.1689-1"
The problem has been fixed upstream in version 22.214.171.1249.
If an upgrade is not possible, you may want to disable the flashplugin
on your system.
- CVE-2015-0301
Improper file validation issue.
- CVE-2015-0302 (information disclosure)
Information disclosure vulnerability that could be exploited to capture
keystrokes on the affected system.
- CVE-2015-0303, CVE-2015-0306 (arbitrary code execution)
Memory corruption vulnerabilities that could lead to code execution.
- CVE-2015-0304, CVE-2015-0309 (arbitrary code execution)
Heap-based buffer overflow vulnerabilities that could lead to code execution.
- CVE-2015-0305 (arbitrary code execution)
Type confusion vulnerability that could lead to code execution.
- CVE-2015-0307 (information disclosure)
Out-of-bounds read vulnerability that could be exploited to leak memory.
- CVE-2015-0308 (arbitrary code execution)
Use-after-free vulnerability that could lead to code execution.
An attacker able to supply a malicious flash application may be able to
capture keystrokes or execute arbitrary code on the affected system.