Arch Linux Security Advisory ASA-201512-7
========================================
Severity: Critical
Date    : 2015-12-09
CVE-ID  : CVE-2015-8045 CVE-2015-8047 CVE-2015-8048 CVE-2015-8049
          CVE-2015-8050 CVE-2015-8055 CVE-2015-8056 CVE-2015-8057
          CVE-2015-8058 CVE-2015-8059 CVE-2015-8060 CVE-2015-8061
          CVE-2015-8062 CVE-2015-8063 CVE-2015-8064 CVE-2015-8065
          CVE-2015-8066 CVE-2015-8067 CVE-2015-8068 CVE-2015-8069
          CVE-2015-8070 CVE-2015-8071 CVE-2015-8401 CVE-2015-8402
          CVE-2015-8403 CVE-2015-8404 CVE-2015-8405 CVE-2015-8406
          CVE-2015-8407 CVE-2015-8408 CVE-2015-8409 CVE-2015-8410
          CVE-2015-8411 CVE-2015-8412 CVE-2015-8413 CVE-2015-8414
          CVE-2015-8415 CVE-2015-8416 CVE-2015-8417 CVE-2015-8418
          CVE-2015-8419 CVE-2015-8420 CVE-2015-8421 CVE-2015-8422
          CVE-2015-8423 CVE-2015-8424 CVE-2015-8425 CVE-2015-8426
          CVE-2015-8427 CVE-2015-8428 CVE-2015-8429 CVE-2015-8430
          CVE-2015-8431 CVE-2015-8432 CVE-2015-8433 CVE-2015-8434
          CVE-2015-8435 CVE-2015-8436 CVE-2015-8437 CVE-2015-8438
          CVE-2015-8439 CVE-2015-8440 CVE-2015-8441 CVE-2015-8442
          CVE-2015-8443 CVE-2015-8444 CVE-2015-8445 CVE-2015-8446
          CVE-2015-8447 CVE-2015-8448 CVE-2015-8449 CVE-2015-8450
          CVE-2015-8451 CVE-2015-8452 CVE-2015-8453 CVE-2015-8454
          CVE-2015-8455
Package : flashplugin
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package flashplugin before version 11.2.202.554-1 is vulnerable to
multiple issues including but not limited to arbitrary code execution,
security restriction bypass, denial of service and possibly other
unspecified impact.

Resolution
=========
Upgrade to 11.2.202.554-1.

# pacman -Syu "flashplugin>=11.2.202.554-1"

The problems have been fixed upstream in version 11.2.202.554.
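
To confirm the upgrade across several machines, the following added example (not part of the original advisory) classifies collected `pacman -Q flashplugin` output against the fixed version. The host names and the older version strings are constructed sample data, and GNU `sort -V` stands in for pacman's own `vercmp` so the check also runs on a non-Arch audit host.

```shell
#!/bin/sh
# Added example: flag flashplugin installs older than the fixed release.
FIXED="11.2.202.554-1"   # fixed package version named in this advisory

# version_lt A B: succeeds when version A sorts strictly before version B.
# Assumption: GNU `sort -V` ordering is used here; on an Arch host,
# `vercmp A B` is the authoritative comparison (it also handles epochs).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit: reads "<host> <pkgname> <version>" lines on stdin, i.e. a host
# label followed by that host's `pacman -Q flashplugin` output, and prints
# one verdict per flashplugin line. Other packages are ignored.
audit() {
    while read -r host pkg ver; do
        [ "$pkg" = "flashplugin" ] || continue
        if version_lt "$ver" "$FIXED"; then
            echo "$host VULNERABLE $ver"
        else
            echo "$host patched $ver"
        fi
    done
}

# Constructed inventory (host names and old versions are sample data).
# ws-03 shows why a plain string comparison is wrong: "99" sorts after
# "554" lexically but is the older build numerically.
SAMPLE='ws-01 flashplugin 11.2.202.548-1
ws-02 flashplugin 11.2.202.554-1
ws-03 flashplugin 11.2.202.99-1'

printf '%s\n' "$SAMPLE" | audit
```

Hosts reported as VULNERABLE still need the `pacman -Syu` upgrade shown above.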

Workaround
=========
None.

Description
==========
- CVE-2015-8045 CVE-2015-8060 CVE-2015-8408 CVE-2015-8416 CVE-2015-8417
  CVE-2015-8418 CVE-2015-8419 CVE-2015-8443 CVE-2015-8444 CVE-2015-8047
  CVE-2015-8451 CVE-2015-8455 (arbitrary code execution)

Memory corruption vulnerabilities have been discovered that could lead
to arbitrary code execution.

- CVE-2015-8438 CVE-2015-8446 (arbitrary code execution)

Heap buffer overflow vulnerabilities have been discovered that could
lead to arbitrary code execution.

- CVE-2015-8409 CVE-2015-8440 CVE-2015-8453
  (security restriction bypass)

Multiple issues have been discovered that lead to security restriction
bypass.

- CVE-2015-8407 (arbitrary code execution)

A stack overflow vulnerability has been discovered that could lead to
arbitrary code execution.

- CVE-2015-8439 (arbitrary code execution)

A type confusion vulnerability has been discovered that could lead to
arbitrary code execution.

- CVE-2015-8445 (arbitrary code execution)

An integer overflow vulnerability has been discovered that could lead to
arbitrary code execution.

- CVE-2015-8415 (arbitrary code execution)

A buffer overflow vulnerability has been discovered that could lead to
arbitrary code execution.

- CVE-2015-8050 CVE-2015-8049 CVE-2015-8437 CVE-2015-8450 CVE-2015-8449
  CVE-2015-8448 CVE-2015-8436 CVE-2015-8452 CVE-2015-8048 CVE-2015-8413
  CVE-2015-8412 CVE-2015-8410 CVE-2015-8411 CVE-2015-8424 CVE-2015-8422
  CVE-2015-8420 CVE-2015-8421 CVE-2015-8423 CVE-2015-8425 CVE-2015-8433
  CVE-2015-8432 CVE-2015-8431 CVE-2015-8426 CVE-2015-8430 CVE-2015-8427
  CVE-2015-8428 CVE-2015-8429 CVE-2015-8434 CVE-2015-8435 CVE-2015-8414
  CVE-2015-8454 CVE-2015-8059 CVE-2015-8058 CVE-2015-8055 CVE-2015-8057
  CVE-2015-8056 CVE-2015-8061 CVE-2015-8067 CVE-2015-8066 CVE-2015-8062
  CVE-2015-8068 CVE-2015-8064 CVE-2015-8065 CVE-2015-8063 CVE-2015-8405
  CVE-2015-8404 CVE-2015-8402 CVE-2015-8403 CVE-2015-8071 CVE-2015-8401
  CVE-2015-8406 CVE-2015-8069 CVE-2015-8070 CVE-2015-8441 CVE-2015-8442
  CVE-2015-8447 (arbitrary code execution)

Multiple use-after-free vulnerabilities have been discovered that could
lead to arbitrary code execution.


Impact
=====
A remote attacker is able to create a specially crafted SWF file that,
when played, leads to arbitrary code execution, denial of service,
security restriction bypass or possibly other unspecified impact via
various vectors.

References
=========
https://access.redhat.com/security/cve/CVE-2015-8045
https://access.redhat.com/security/cve/CVE-2015-8047
https://access.redhat.com/security/cve/CVE-2015-8048
https://access.redhat.com/security/cve/CVE-2015-8049
https://access.redhat.com/security/cve/CVE-2015-8050
https://access.redhat.com/security/cve/CVE-2015-8055
https://access.redhat.com/security/cve/CVE-2015-8056
https://access.redhat.com/security/cve/CVE-2015-8057
https://access.redhat.com/security/cve/CVE-2015-8058
https://access.redhat.com/security/cve/CVE-2015-8059
https://access.redhat.com/security/cve/CVE-2015-8060
https://access.redhat.com/security/cve/CVE-2015-8061
https://access.redhat.com/security/cve/CVE-2015-8062
https://access.redhat.com/security/cve/CVE-2015-8063
https://access.redhat.com/security/cve/CVE-2015-8064
https://access.redhat.com/security/cve/CVE-2015-8065
https://access.redhat.com/security/cve/CVE-2015-8066
https://access.redhat.com/security/cve/CVE-2015-8067
https://access.redhat.com/security/cve/CVE-2015-8068
https://access.redhat.com/security/cve/CVE-2015-8069
https://access.redhat.com/security/cve/CVE-2015-8070
https://access.redhat.com/security/cve/CVE-2015-8071
https://access.redhat.com/security/cve/CVE-2015-8401
https://access.redhat.com/security/cve/CVE-2015-8402
https://access.redhat.com/security/cve/CVE-2015-8403
https://access.redhat.com/security/cve/CVE-2015-8404
https://access.redhat.com/security/cve/CVE-2015-8405
https://access.redhat.com/security/cve/CVE-2015-8406
https://access.redhat.com/security/cve/CVE-2015-8407
https://access.redhat.com/security/cve/CVE-2015-8408
https://access.redhat.com/security/cve/CVE-2015-8409
https://access.redhat.com/security/cve/CVE-2015-8410
https://access.redhat.com/security/cve/CVE-2015-8411
https://access.redhat.com/security/cve/CVE-2015-8412
https://access.redhat.com/security/cve/CVE-2015-8413
https://access.redhat.com/security/cve/CVE-2015-8414
https://access.redhat.com/security/cve/CVE-2015-8415
https://access.redhat.com/security/cve/CVE-2015-8416
https://access.redhat.com/security/cve/CVE-2015-8417
https://access.redhat.com/security/cve/CVE-2015-8418
https://access.redhat.com/security/cve/CVE-2015-8419
https://access.redhat.com/security/cve/CVE-2015-8420
https://access.redhat.com/security/cve/CVE-2015-8421
https://access.redhat.com/security/cve/CVE-2015-8422
https://access.redhat.com/security/cve/CVE-2015-8423
https://access.redhat.com/security/cve/CVE-2015-8424
https://access.redhat.com/security/cve/CVE-2015-8425
https://access.redhat.com/security/cve/CVE-2015-8426
https://access.redhat.com/security/cve/CVE-2015-8427
https://access.redhat.com/security/cve/CVE-2015-8428
https://access.redhat.com/security/cve/CVE-2015-8429
https://access.redhat.com/security/cve/CVE-2015-8430
https://access.redhat.com/security/cve/CVE-2015-8431
https://access.redhat.com/security/cve/CVE-2015-8432
https://access.redhat.com/security/cve/CVE-2015-8433
https://access.redhat.com/security/cve/CVE-2015-8434
https://access.redhat.com/security/cve/CVE-2015-8435
https://access.redhat.com/security/cve/CVE-2015-8436
https://access.redhat.com/security/cve/CVE-2015-8437
https://access.redhat.com/security/cve/CVE-2015-8438
https://access.redhat.com/security/cve/CVE-2015-8439
https://access.redhat.com/security/cve/CVE-2015-8440
https://access.redhat.com/security/cve/CVE-2015-8441
https://access.redhat.com/security/cve/CVE-2015-8442
https://access.redhat.com/security/cve/CVE-2015-8443
https://access.redhat.com/security/cve/CVE-2015-8444
https://access.redhat.com/security/cve/CVE-2015-8445
https://access.redhat.com/security/cve/CVE-2015-8446
https://access.redhat.com/security/cve/CVE-2015-8447
https://access.redhat.com/security/cve/CVE-2015-8448
https://access.redhat.com/security/cve/CVE-2015-8449
https://access.redhat.com/security/cve/CVE-2015-8450
https://access.redhat.com/security/cve/CVE-2015-8451
https://access.redhat.com/security/cve/CVE-2015-8452
https://access.redhat.com/security/cve/CVE-2015-8453
https://access.redhat.com/security/cve/CVE-2015-8454
https://access.redhat.com/security/cve/CVE-2015-8455
https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html
