Arch Linux Security Advisory ASA-201507-7
=========================================
Severity: Critical
Date    : 2015-07-08
CVE-ID  : CVE-2015-5119
Package : flashplugin
Type    : remote code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======
The package flashplugin before version 11.2.202.481-1 is vulnerable to
remote code execution.

Resolution
==========
Upgrade to 11.2.202.481-1.

# pacman -Syu "flashplugin>=11.2.202.481-1"

The problem has been fixed upstream in version 11.2.202.481.

Workaround
==========
None.

Description
===========
A critical vulnerability (use-after-free in the AS3 ByteArray class) has
been identified in Adobe Flash Player 18.0.0.194 and earlier versions
for Windows, Macintosh and Linux. Successful exploitation could cause a
crash and potentially allow an attacker to take control of the affected
system.

Adobe is aware of reports that an exploit targeting this vulnerability
has been published publicly.

Impact
======
A remote attacker can execute arbitrary code on the affected host using
a crafted flash application.

References
==========
https://access.redhat.com/security/cve/CVE-2015-5119
https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html
https://www.kb.cert.org/vuls/id/561288
