[arch-security] [ASA-201701-16] flashplugin: multiple issues
Remi Gacogne
rgacogne at archlinux.org
Fri Jan 13 08:38:04 UTC 2017
Arch Linux Security Advisory ASA-201701-16
==========================================
Severity: Critical
Date : 2017-01-12
CVE-ID : CVE-2017-2925 CVE-2017-2926 CVE-2017-2927 CVE-2017-2928
CVE-2017-2930 CVE-2017-2931 CVE-2017-2932 CVE-2017-2933
CVE-2017-2934 CVE-2017-2935 CVE-2017-2936 CVE-2017-2937
CVE-2017-2938
Package : flashplugin
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-135
Summary
=======
The package flashplugin before version 24.0.0.194-1 is vulnerable to
multiple issues including arbitrary code execution and information
disclosure.
Resolution
==========
Upgrade to 24.0.0.194-1.
# pacman -Syu "flashplugin>=24.0.0.194-1"
The problems have been fixed upstream in version 24.0.0.194.
Workaround
==========
None.
Description
===========
- CVE-2017-2925 (arbitrary code execution)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability in the JPEG XR codec.
- CVE-2017-2926 (arbitrary code execution)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability related to processing of atoms in MP4
files.
- CVE-2017-2927 (arbitrary code execution)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
heap overflow vulnerability when processing Adobe Texture Format files.
- CVE-2017-2928 (arbitrary code execution)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability related to setting visual mode effects.
- CVE-2017-2930 (arbitrary code execution)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability due to a concurrency error when
manipulating a display list. Successful exploitation could lead to
arbitrary code execution.
- CVE-2017-2931 (arbitrary code execution)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability related to the parsing of SWF metadata.
- CVE-2017-2932 (arbitrary code execution)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
use after free vulnerability in the ActionScript MovieClip class.
- CVE-2017-2933 (arbitrary code execution)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
heap overflow vulnerability related to texture compression.
- CVE-2017-2934 (arbitrary code execution)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
heap overflow vulnerability when parsing Adobe Texture Format files.
- CVE-2017-2935 (arbitrary code execution)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
heap overflow vulnerability when processing the Flash Video container
file format.
- CVE-2017-2936 (arbitrary code execution)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
use after free vulnerability in the ActionScript FileReference class.
- CVE-2017-2937 (arbitrary code execution)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
use after free vulnerability in the ActionScript FileReference class,
when using class inheritance.
- CVE-2017-2938 (information disclosure)
Adobe Flash Player versions 24.0.0.186 and earlier have a security
bypass vulnerability related to handling TCP connections.
Impact
======
A remote attacker can access sensitive information or execute arbitrary
code on the affected host.
References
==========
https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
https://security.archlinux.org/CVE-2017-2925
https://security.archlinux.org/CVE-2017-2926
https://security.archlinux.org/CVE-2017-2927
https://security.archlinux.org/CVE-2017-2928
https://security.archlinux.org/CVE-2017-2930
https://security.archlinux.org/CVE-2017-2931
https://security.archlinux.org/CVE-2017-2932
https://security.archlinux.org/CVE-2017-2933
https://security.archlinux.org/CVE-2017-2934
https://security.archlinux.org/CVE-2017-2935
https://security.archlinux.org/CVE-2017-2936
https://security.archlinux.org/CVE-2017-2937
https://security.archlinux.org/CVE-2017-2938
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20170113/66991e9d/attachment.asc>
More information about the arch-security
mailing list