ArchLinux: 201506-5: flashplugin: remote code execution
Summary
A heap-based buffer overflow has been found in the FLV handling of Adobe Flash Player, leading to code execution.
Resolution
Upgrade to 11.2.202.468-1.
# pacman -Syu "flashplugin>=11.2.202.468-1"
The problem has been fixed upstream in version 11.2.202.468.
References
https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html https://www.mandiant.com/resources/blog/operation-clandestine-wolf-adobe-flash-zero-day https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3113
Workaround
This issue can be mitigated by disabling the flash plugin.