[arch-security] [ASA-201701-16] flashplugin: multiple issues

Remi Gacogne rgacogne at archlinux.org
Fri Jan 13 08:38:04 UTC 2017


Arch Linux Security Advisory ASA-201701-16
==========================================

Severity: Critical
Date    : 2017-01-12
CVE-ID  : CVE-2017-2925 CVE-2017-2926 CVE-2017-2927 CVE-2017-2928
          CVE-2017-2930 CVE-2017-2931 CVE-2017-2932 CVE-2017-2933
          CVE-2017-2934 CVE-2017-2935 CVE-2017-2936 CVE-2017-2937
          CVE-2017-2938
Package : flashplugin
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-135

Summary
=======

The package flashplugin before version 24.0.0.194-1 is vulnerable to
multiple issues including arbitrary code execution and information
disclosure.

Resolution
==========

Upgrade to 24.0.0.194-1.

# pacman -Syu "flashplugin>=24.0.0.194-1"

The problems have been fixed upstream in version 24.0.0.194.
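
To confirm the upgrade across several machines, the shell functions below (an added example, not part of the advisory) compare each host's flashplugin package against the fixed version 24.0.0.194-1. The inventory format, the host names and the helper names ver_cmp, classify and vulnerable_hosts are assumptions; vercmp is the comparison tool shipped with pacman.

```shell
# Added example (not part of ASA-201701-16): flag hosts whose flashplugin
# package predates the fixed version named in the advisory.
FIXED="24.0.0.194-1"   # first fixed package version, from the advisory

# Print a negative number, 0 or a positive number as $1 is older than, equal
# to or newer than $2. Prefers pacman's vercmp; the sort -V fallback is an
# approximation that holds for plain "x.y.z-pkgrel" versions without an epoch.
ver_cmp() {
    if command -v vercmp >/dev/null 2>&1; then
        vercmp "$1" "$2"
    elif [ "$1" = "$2" ]; then
        echo 0
    elif [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]; then
        echo -1
    else
        echo 1
    fi
}

# $1 is one line of `pacman -Q flashplugin` output, or empty if not installed.
classify() {
    line=$1
    [ -n "$line" ] || { echo "not-installed"; return 0; }
    version=${line#flashplugin }
    [ "$version" != "$line" ] || { echo "unrecognized"; return 0; }
    if [ "$(ver_cmp "$version" "$FIXED")" -lt 0 ]; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# Reads "<host> <pacman -Q line>" records on stdin, prints hosts to upgrade.
vulnerable_hosts() {
    while read -r host pkgline; do
        [ -n "$host" ] || continue
        [ "$(classify "$pkgline")" != "vulnerable" ] || echo "$host"
    done
}

# Constructed sample inventory: host names and all package versions other
# than FIXED are made up. build04 has no flashplugin installed.
SAMPLE_INVENTORY='web01 flashplugin 24.0.0.186-1
desk02 flashplugin 24.0.0.194-1
desk03 flashplugin 11.2.202.644-1
build04
kiosk05 flashplugin 25.0.0.127-1'
printf '%s\n' "$SAMPLE_INVENTORY" | vulnerable_hosts
```

On a single machine, `classify "$(pacman -Q flashplugin 2>/dev/null)"` gives the same verdict for the local package.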

Workaround
==========

None.

Description
===========

- CVE-2017-2925 (arbitrary code execution)

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability in the JPEG XR codec.

- CVE-2017-2926 (arbitrary code execution)

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability related to processing of atoms in MP4
files.

- CVE-2017-2927 (arbitrary code execution)

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
heap overflow vulnerability when processing Adobe Texture Format files.

- CVE-2017-2928 (arbitrary code execution)

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability related to setting visual mode effects.

- CVE-2017-2930 (arbitrary code execution)

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability due to a concurrency error when
manipulating a display list. Successful exploitation could lead to
arbitrary code execution.

- CVE-2017-2931 (arbitrary code execution)

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability related to the parsing of SWF metadata.

- CVE-2017-2932 (arbitrary code execution)

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
use after free vulnerability in the ActionScript MovieClip class.

- CVE-2017-2933 (arbitrary code execution)

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
heap overflow vulnerability related to texture compression.

- CVE-2017-2934 (arbitrary code execution)

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
heap overflow vulnerability when parsing Adobe Texture Format files.

- CVE-2017-2935 (arbitrary code execution)

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
heap overflow vulnerability when processing the Flash Video container
file format.

- CVE-2017-2936 (arbitrary code execution)

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
use after free vulnerability in the ActionScript FileReference class.

- CVE-2017-2937 (arbitrary code execution)

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
use after free vulnerability in the ActionScript FileReference class,
when using class inheritance.

- CVE-2017-2938 (information disclosure)

Adobe Flash Player versions 24.0.0.186 and earlier have a security
bypass vulnerability related to handling TCP connections.

Impact
======

A remote attacker can access sensitive information or execute arbitrary
code on the affected host.

References
==========

https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
https://security.archlinux.org/CVE-2017-2925
https://security.archlinux.org/CVE-2017-2926
https://security.archlinux.org/CVE-2017-2927
https://security.archlinux.org/CVE-2017-2928
https://security.archlinux.org/CVE-2017-2930
https://security.archlinux.org/CVE-2017-2931
https://security.archlinux.org/CVE-2017-2932
https://security.archlinux.org/CVE-2017-2933
https://security.archlinux.org/CVE-2017-2934
https://security.archlinux.org/CVE-2017-2935
https://security.archlinux.org/CVE-2017-2936
https://security.archlinux.org/CVE-2017-2937
https://security.archlinux.org/CVE-2017-2938
