ArchLinux: 201510-7: flashplugin: multiple issues
Summary
- CVE-2015-5569 (information leak, insufficient hardening)
These updates include a defense-in-depth feature in the Flash broker API.
- CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7630 CVE-2015-7633
CVE-2015-7634 (arbitrary code execution)
These updates resolve memory corruption vulnerabilities that could lead
to code execution.
- CVE-2015-7628 (same-origin-policy bypass, information disclosure)
These updates resolve a vulnerability that could be exploited to bypass
the same-origin-policy and lead to information disclosure.
- CVE-2015-7629 CVE-2015-7631 CVE-2015-7643 CVE-2015-7644
(arbitrary code execution)
These updates resolve use-after-free vulnerabilities that could lead to
code execution.
- CVE-2015-7632 (arbitrary code execution)
These updates resolve a buffer overflow vulnerability that could lead to
code execution.
Resolution
Upgrade to 11.2.202.535-1.
# pacman -Syu "flashplugin>=11.2.202.535-1"
The problems have been fixed upstream in version 11.2.202.535.
References
https://access.redhat.com/security/cve/CVE-2015-5569 https://access.redhat.com/security/cve/CVE-2015-7625 https://access.redhat.com/security/cve/CVE-2015-7626 https://access.redhat.com/security/cve/CVE-2015-7627 https://access.redhat.com/security/cve/CVE-2015-7628 https://access.redhat.com/security/cve/CVE-2015-7629 https://access.redhat.com/security/cve/CVE-2015-7630 https://access.redhat.com/security/cve/CVE-2015-7631 https://access.redhat.com/security/cve/CVE-2015-7632 https://access.redhat.com/security/cve/CVE-2015-7633 https://access.redhat.com/security/cve/CVE-2015-7634 https://access.redhat.com/security/cve/CVE-2015-7643 https://access.redhat.com/security/cve/CVE-2015-7644 https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html
Workaround
None.