Arch Linux ASA-201507-7 Critical Flashplugin Remote Code Execution

Arch Linux Security Advisory ASA-201507-7
========================================
Severity: Critical
Date    : 2015-07-08
CVE-ID  : CVE-2015-5119
Package : flashplugin
Type    : remote code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package flashplugin before version 11.2.202.481-1 is vulnerable to
remote code execution.

Resolution
=========
Upgrade to 11.2.202.481-1.

# pacman -Syu "flashplugin>=11.2.202.481-1"

The problem has been fixed upstream in version 11.2.202.481.

Workaround
=========
None.

Description
==========
A critical vulnerability (use-after-free in the AS3 ByteArray class) has
been identified in Adobe Flash Player 18.0.0.194 and earlier versions
for Windows, Macintosh and Linux. Successful exploitation could cause a
crash and potentially allow an attacker to take control of the affected
system.

Adobe is aware of reports that an exploit targeting this vulnerability
has been published publicly.

Impact
=====
A remote attacker can execute arbitrary code on the affected host using
a crafted flash application.

References
=========
https://access.redhat.com/security/cve/CVE-2015-5119
https://www.kb.cert.org/vuls/id/561288