Discover Government News

Arch Linux Security Advisory ASA-201609-12
=========================================
Severity: Critical
Date    : 2016-09-15
CVE-ID  : CVE-2016-4271 CVE-2016-4272 CVE-2016-4274 CVE-2016-4275
          CVE-2016-4276 CVE-2016-4277 CVE-2016-4278 CVE-2016-4279
          CVE-2016-4280 CVE-2016-4281 CVE-2016-4282 CVE-2016-4283
          CVE-2016-4284 CVE-2016-4285 CVE-2016-4287 CVE-2016-6921
          CVE-2016-6922 CVE-2016-6923 CVE-2016-6924 CVE-2016-6925
          CVE-2016-6926 CVE-2016-6927 CVE-2016-6929 CVE-2016-6930
          CVE-2016-6931 CVE-2016-6932
Package : lib32-flashplugin
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package lib32-flashplugin before version 11.2.202.635-1 is
vulnerable to multiple issues including arbitrary code execution and
information disclosure.

Resolution
=========
Upgrade to 11.2.202.635-1.

# pacman -Syu "lib32-flashplugin>=11.2.202.635-1"

The problems have been fixed upstream in version 11.2.202.635.

Workaround
=========
None.

Description
==========
- CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280,
  CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,
  CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 (arbitrary code execution)

Multiple Memory corruption vulnerabilities that could lead to arbitrary
code execution have been found. These vulnerabilities were discovered by
Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero, willJ of
Tencent PC Manager, Yuki Chen of Qihoo 360 Vulcan Team,
b0nd@garage4hackers working with Trend Micro's Zero Day Initiative, and
Tao Yan (@Ga1ois) of Palo Alto Networks

- CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923,
  CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929,
  CVE-2016-6930, CVE-2016-6931, CVE-2016-6932 (arbitrary code execution)

Multiple use-after-free vulnerabilities that could lead to arbitrary
code execution have been found. These vulnerabilities have been
discovered by, Mumei working with Trend Micro's Zero Day Initiative,
Yuki Chen of Qihoo 360 Vulcan Team working with the Chromium
Vulnerability Rewards Program, willJ of Tencent PC Manager, JieZeng of
Tencent Zhanlu Lab working with the Chromium Vulnerability Rewards
Program, Nicolas Joly of Microsoft Vulnerability Research, and Yuki Chen
of Qihoo 360 Vulcan Team

- CVE-2016-4287 (arbitrary code execution)

An integer overflow vulnerability that could lead to arbitrary code
execution has been found. This vulnerability has been discovered by Yuki
Chen of Qihoo 360 Vulcan Team working with the Chromium Vulnerability
Rewards Program.

- CVE-2016-4271, CVE-2016-4277, CVE-2016-4278 (information disclosure)

A Security bypass vulnerablity that could lead to information disclosure
has been found. These vulnerabilities have been found by Leone
Pontorieri, Soroush Dalili and Matthew Evans from NCC Group, and Nicolas
Joly of Microsoft Vulnerability Research


Impact
=====
A remote attacker can execute arbitrary code, bypass security checks, or
disclose information on the affected host via unspecified vectors.

References
=========
https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html
https://access.redhat.com/security/cve/CVE-2016-4271
https://access.redhat.com/security/cve/CVE-2016-4272
https://access.redhat.com/security/cve/CVE-2016-4274
https://access.redhat.com/security/cve/CVE-2016-4275
https://access.redhat.com/security/cve/CVE-2016-4276
https://access.redhat.com/security/cve/CVE-2016-4277
https://access.redhat.com/security/cve/CVE-2016-4278
https://access.redhat.com/security/cve/CVE-2016-4279
https://access.redhat.com/security/cve/CVE-2016-4280
https://access.redhat.com/security/cve/CVE-2016-4281
https://access.redhat.com/security/cve/CVE-2016-4282
https://access.redhat.com/security/cve/CVE-2016-4283
https://access.redhat.com/security/cve/CVE-2016-4284
https://access.redhat.com/security/cve/CVE-2016-4285
https://access.redhat.com/security/cve/CVE-2016-4287
https://access.redhat.com/security/cve/CVE-2016-6921
https://access.redhat.com/security/cve/CVE-2016-6922
https://access.redhat.com/security/cve/CVE-2016-6923
https://access.redhat.com/security/cve/CVE-2016-6924
https://access.redhat.com/security/cve/CVE-2016-6925
https://access.redhat.com/security/cve/CVE-2016-6926
https://access.redhat.com/security/cve/CVE-2016-6927
https://access.redhat.com/security/cve/CVE-2016-6929
https://access.redhat.com/security/cve/CVE-2016-6930
https://access.redhat.com/security/cve/CVE-2016-6931
https://access.redhat.com/security/cve/CVE-2016-6932

ArchLinux: 201609-12: lib32-flashplugin: multiple issues

September 15, 2016

Summary

- CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 (arbitrary code execution) Multiple Memory corruption vulnerabilities that could lead to arbitrary code execution have been found. These vulnerabilities were discovered by Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero, willJ of Tencent PC Manager, Yuki Chen of Qihoo 360 Vulcan Team, b0nd@garage4hackers working with Trend Micro's Zero Day Initiative, and Tao Yan (@Ga1ois) of Palo Alto Networks
- CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932 (arbitrary code execution)
Multiple use-after-free vulnerabilities that could lead to arbitrary code execution have been found. These vulnerabilities have been discovered by, Mumei working with Trend Micro's Zero Day Initiative, Yuki Chen of Qihoo 360 Vulcan Team working with the Chromium Vulnerability Rewards Program, willJ of Tencent PC Manager, JieZeng of Tencent Zhanlu Lab working with the Chromium Vulnerability Rewards Program, Nicolas Joly of Microsoft Vulnerability Research, and Yuki Chen of Qihoo 360 Vulcan Team
- CVE-2016-4287 (arbitrary code execution)
An integer overflow vulnerability that could lead to arbitrary code execution has been found. This vulnerability has been discovered by Yuki Chen of Qihoo 360 Vulcan Team working with the Chromium Vulnerability Rewards Program.
- CVE-2016-4271, CVE-2016-4277, CVE-2016-4278 (information disclosure)
A Security bypass vulnerablity that could lead to information disclosure has been found. These vulnerabilities have been found by Leone Pontorieri, Soroush Dalili and Matthew Evans from NCC Group, and Nicolas Joly of Microsoft Vulnerability Research

Resolution

Upgrade to 11.2.202.635-1. # pacman -Syu "lib32-flashplugin>=11.2.202.635-1"
The problems have been fixed upstream in version 11.2.202.635.

References

https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html https://access.redhat.com/security/cve/CVE-2016-4271 https://access.redhat.com/security/cve/CVE-2016-4272 https://access.redhat.com/security/cve/CVE-2016-4274 https://access.redhat.com/security/cve/CVE-2016-4275 https://access.redhat.com/security/cve/CVE-2016-4276 https://access.redhat.com/security/cve/CVE-2016-4277 https://access.redhat.com/security/cve/CVE-2016-4278 https://access.redhat.com/security/cve/CVE-2016-4279 https://access.redhat.com/security/cve/CVE-2016-4280 https://access.redhat.com/security/cve/CVE-2016-4281 https://access.redhat.com/security/cve/CVE-2016-4282 https://access.redhat.com/security/cve/CVE-2016-4283 https://access.redhat.com/security/cve/CVE-2016-4284 https://access.redhat.com/security/cve/CVE-2016-4285 https://access.redhat.com/security/cve/CVE-2016-4287 https://access.redhat.com/security/cve/CVE-2016-6921 https://access.redhat.com/security/cve/CVE-2016-6922 https://access.redhat.com/security/cve/CVE-2016-6923 https://access.redhat.com/security/cve/CVE-2016-6924 https://access.redhat.com/security/cve/CVE-2016-6925 https://access.redhat.com/security/cve/CVE-2016-6926 https://access.redhat.com/security/cve/CVE-2016-6927 https://access.redhat.com/security/cve/CVE-2016-6929 https://access.redhat.com/security/cve/CVE-2016-6930 https://access.redhat.com/security/cve/CVE-2016-6931 https://access.redhat.com/security/cve/CVE-2016-6932

Severity
CVE-2016-4276 CVE-2016-4277 CVE-2016-4278 CVE-2016-4279
CVE-2016-4280 CVE-2016-4281 CVE-2016-4282 CVE-2016-4283
CVE-2016-4284 CVE-2016-4285 CVE-2016-4287 CVE-2016-6921
CVE-2016-6922 CVE-2016-6923 CVE-2016-6924 CVE-2016-6925
CVE-2016-6926 CVE-2016-6927 CVE-2016-6929 CVE-2016-6930
CVE-2016-6931 CVE-2016-6932
Package : lib32-flashplugin
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/title/CVE

Workaround

None.

Related News