[arch-security] [ASA-201510-7] flashplugin: multiple issues
anthraxx at archlinux.org
Wed Oct 14 01:19:13 UTC 2015
Arch Linux Security Advisory ASA-201510-7
Date : 2015-10-14
CVE-ID : CVE-2015-5569 CVE-2015-7625 CVE-2015-7626 CVE-2015-7627
CVE-2015-7628 CVE-2015-7629 CVE-2015-7630 CVE-2015-7631
CVE-2015-7632 CVE-2015-7633 CVE-2015-7634 CVE-2015-7643
Package : flashplugin
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package flashplugin before version 18.104.22.1685-1 is vulnerable to
multiple issues including but not limited to arbitrary code execution,
same-origin-policy bypass and information disclosure.
Upgrade to 22.214.171.1245-1.
# pacman -Syu "flashplugin>=126.96.36.1995-1"
The problems have been fixed upstream in version 188.8.131.525.
- CVE-2015-5569 (information leak, insufficient hardening)
These updates include a defense-in-depth feature in the Flash broker API.
- CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7630 CVE-2015-7633
CVE-2015-7634 (arbitrary code execution)
These updates resolve memory corruption vulnerabilities that could lead
to code execution.
- CVE-2015-7628 (same-origin-policy bypass, information disclosure)
These updates resolve a vulnerability that could be exploited to bypass
the same-origin-policy and lead to information disclosure.
- CVE-2015-7629 CVE-2015-7631 CVE-2015-7643 CVE-2015-7644
(arbitrary code execution)
These updates resolve use-after-free vulnerabilities that could lead to
- CVE-2015-7632 (arbitrary code execution)
These updates resolve a buffer overflow vulnerability that could lead to
A remote attacker is able to execute arbitrary code, bypass the
same-origin-policy and disclose sensitive information via various vectors.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-security