ArchLinux: 201606-15: flashplugin: multiple issues
Summary
- CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125,
CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130,
CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134,
CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151,
CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155,
CVE-2016-4156, CVE-2016-4166, CVE-2016-4171 (arbitrary code execution)
Memory corruptions leading to arbitrary code execution.
- CVE-2016-4135, CVE-2016-4136, CVE-2016-4138 (arbitrary code execution)
Heap-based buffer overflows leading to arbitrary code execution.
- CVE-2016-4139 (information leak)
Vulnerability that could be exploited to bypass the same-origin policy
and lead to information disclosure.
- CVE-2016-4140 (arbitrary code execution)
Vulnerability in the directory search path used to find resources that
could lead to code execution.
- CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, CVE-2016-4146,
CVE-2016-4147, CVE-2016-4148 (arbitrary code execution)
Use-after-free vulnerabilities leading to arbitrary code execution.
- CVE-2016-4144, CVE-2016-4149 (arbitrary code execution)
Type confusion vulnerabilities leading to arbitrary code execution.
Resolution
Upgrade to 11.2.202.626-1.
# pacman -Syu "flashplugin>=11.2.202.626-1"
The problems have been fixed upstream in version 11.2.202.626.
References
https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html https://access.redhat.com/security/cve/CVE-2016-4122 https://access.redhat.com/security/cve/CVE-2016-4123 https://access.redhat.com/security/cve/CVE-2016-4124 https://access.redhat.com/security/cve/CVE-2016-4125 https://access.redhat.com/security/cve/CVE-2016-4127 https://access.redhat.com/security/cve/CVE-2016-4128 https://access.redhat.com/security/cve/CVE-2016-4129 https://access.redhat.com/security/cve/CVE-2016-4130 https://access.redhat.com/security/cve/CVE-2016-4131 https://access.redhat.com/security/cve/CVE-2016-4132 https://access.redhat.com/security/cve/CVE-2016-4133 https://access.redhat.com/security/cve/CVE-2016-4134 https://access.redhat.com/security/cve/CVE-2016-4135 https://access.redhat.com/security/cve/CVE-2016-4136 https://access.redhat.com/security/cve/CVE-2016-4137 https://access.redhat.com/security/cve/CVE-2016-4138 https://access.redhat.com/security/cve/CVE-2016-4139 https://access.redhat.com/security/cve/CVE-2016-4140 https://access.redhat.com/security/cve/CVE-2016-4141 https://access.redhat.com/security/cve/CVE-2016-4142 https://access.redhat.com/security/cve/CVE-2016-4143 https://access.redhat.com/security/cve/CVE-2016-4144 https://access.redhat.com/security/cve/CVE-2016-4145 https://access.redhat.com/security/cve/CVE-2016-4146 https://access.redhat.com/security/cve/CVE-2016-4147 https://access.redhat.com/security/cve/CVE-2016-4148 https://access.redhat.com/security/cve/CVE-2016-4149 https://access.redhat.com/security/cve/CVE-2016-4150 https://access.redhat.com/security/cve/CVE-2016-4151 https://access.redhat.com/security/cve/CVE-2016-4152 https://access.redhat.com/security/cve/CVE-2016-4153 https://access.redhat.com/security/cve/CVE-2016-4154 https://access.redhat.com/security/cve/CVE-2016-4155 https://access.redhat.com/security/cve/CVE-2016-4156 https://access.redhat.com/security/cve/CVE-2016-4166 https://access.redhat.com/security/cve/CVE-2016-4171
Workaround
None.