Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Arch Linux: ASA-201510-12 Critical: Flashplugin Remote Execution

Archlinux Large Esm H446
The package flashplugin before version 11.2.202.540-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201510-12
=========================================
Severity: Critical
Date    : 2015-10-18
CVE-ID  : CVE-2015-7645 CVE-2015-7647 CVE-2015-7648
Package : flashplugin
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package flashplugin before version 11.2.202.540-1 is vulnerable to
arbitrary code execution.

Resolution
=========
Upgrade to 11.2.202.540-1.

# pacman -Syu "flashplugin>=11.2.202.540-1"

The problem has been fixed upstream in version 11.2.202.540.

Workaround
=========
None.

Description
==========
Several critical type confusion vulnerabilities (CVE-2015-7645,
CVE-2015-7647, CVE-2015-7648) have been identified in Adobe Flash Player
11.2.202.535 and earlier 11.x versions for Linux. Successful
exploitation could cause a crash and potentially allow an attacker to
take control of the affected system.

Adobe is aware of a report that an exploit for the CVE-2015-7645
vulnerability is being used in limited, targeted attacks.

Impact
=====
A remote attacker can execute arbitrary code by supplying a crafted SWF
flash file on a website. These vulnerabilities are currently exploited
in the wild.

References
=========
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7645