ArchLinux: 201511-5: flashplugin: multiple issues
Summary
- CVE-2015-7651 CVE-2015-7652 CVE-2015-7653 CVE-2015-7654
CVE-2015-7655 CVE-2015-7656 CVE-2015-7657 CVE-2015-7658
CVE-2015-7660 CVE-2015-7661 CVE-2015-7663 CVE-2015-8042
CVE-2015-8043 CVE-2015-8044 CVE-2015-8046 (arbitrary code execution)
It has been discovered that multiple use-after-free vulnerabilities
could lead to arbitrary code execution.
- CVE-2015-7659 (arbitrary code execution)
A type confusion vulnerability has been discovered that could lead to
arbitrary code execution.
- CVE-2015-7662 (access restriction bypass)
A security bypass vulnerability has been discovered that could be
exploited to write arbitrary data to the file system under user permissions.
Resolution
Upgrade to 11.2.202.548-1.
# pacman -Syu "flashplugin>=11.2.202.548-1"
The problems have been fixed upstream in version 11.2.202.548.
References
https://access.redhat.com/security/cve/CVE-2015-7651 https://access.redhat.com/security/cve/CVE-2015-7652 https://access.redhat.com/security/cve/CVE-2015-7653 https://access.redhat.com/security/cve/CVE-2015-7654 https://access.redhat.com/security/cve/CVE-2015-7655 https://access.redhat.com/security/cve/CVE-2015-7656 https://access.redhat.com/security/cve/CVE-2015-7657 https://access.redhat.com/security/cve/CVE-2015-7658 https://access.redhat.com/security/cve/CVE-2015-7659 https://access.redhat.com/security/cve/CVE-2015-7660 https://access.redhat.com/security/cve/CVE-2015-7661 https://access.redhat.com/security/cve/CVE-2015-7662 https://access.redhat.com/security/cve/CVE-2015-7663 https://access.redhat.com/security/cve/CVE-2015-8042 https://access.redhat.com/security/cve/CVE-2015-8043 https://access.redhat.com/security/cve/CVE-2015-8044 https://access.redhat.com/security/cve/CVE-2015-8046 https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html
Workaround
None.