Arch Linux Security Advisory ASA-201609-12
=========================================
Severity: Critical
Date    : 2016-09-15
CVE-ID  : CVE-2016-4271 CVE-2016-4272 CVE-2016-4274 CVE-2016-4275
          CVE-2016-4276 CVE-2016-4277 CVE-2016-4278 CVE-2016-4279
          CVE-2016-4280 CVE-2016-4281 CVE-2016-4282 CVE-2016-4283
          CVE-2016-4284 CVE-2016-4285 CVE-2016-4287 CVE-2016-6921
          CVE-2016-6922 CVE-2016-6923 CVE-2016-6924 CVE-2016-6925
          CVE-2016-6926 CVE-2016-6927 CVE-2016-6929 CVE-2016-6930
          CVE-2016-6931 CVE-2016-6932
Package : lib32-flashplugin
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package lib32-flashplugin before version 11.2.202.635-1 is
vulnerable to multiple issues including arbitrary code execution and
information disclosure.

Resolution
=========
Upgrade to 11.2.202.635-1.

# pacman -Syu "lib32-flashplugin>=11.2.202.635-1"

The problems have been fixed upstream in version 11.2.202.635.
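Since there is no workaround, the only useful check on a host is whether the installed package is already at or above the fixed version. The script below is an added example and is not part of the Arch advisory or the Arch tooling; it assumes that `pacman -Q lib32-flashplugin` prints `lib32-flashplugin <version>` and that this package's versions are purely numeric `pkgver-pkgrel` strings with no epoch (true for 11.2.202.635-1), so the comparison is done on integer segments rather than with pacman's own `vercmp`.

```sh
#!/bin/sh
# Added example, not part of the Arch advisory: report whether the host's
# lib32-flashplugin is below the fixed version named in ASA-201609-12.
# Assumption: versions are numeric pkgver-pkgrel strings (no epoch, no
# letters), which holds for 11.2.202.635-1.

FIXED_VERSION="11.2.202.635-1"

# ver_ge INSTALLED REQUIRED
# Returns 0 when INSTALLED >= REQUIRED, 1 otherwise. Both strings are split
# on '.' and '-' and compared segment by segment as integers; a missing
# segment counts as 0, so "11.2.202.635" sorts below "11.2.202.635-1".
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/)
        nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i in x) ? x[i] + 0 : 0
            yi = (i in y) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# check_installed
# Exit status: 0 = not installed or already fixed, 1 = affected,
# 2 = could not determine (no pacman on this host).
check_installed() {
    if ! command -v pacman >/dev/null 2>&1; then
        echo "pacman not found; cannot query installed packages" >&2
        return 2
    fi
    # "pacman -Q <pkg>" prints "<pkg> <version>"; take the version field.
    installed=$(pacman -Q lib32-flashplugin 2>/dev/null | awk '{print $2}')
    if [ -z "$installed" ]; then
        echo "lib32-flashplugin is not installed: not affected"
        return 0
    fi
    if ver_ge "$installed" "$FIXED_VERSION"; then
        echo "lib32-flashplugin $installed: fixed (>= $FIXED_VERSION)"
        return 0
    fi
    echo "lib32-flashplugin $installed is affected by ASA-201609-12;" \
         "upgrade to >= $FIXED_VERSION"
    return 1
}

# Run the check only when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    check_installed
fi
```

Run it as `sh check-asa-201609-12.sh --run`; the exit status is meant for use in a fleet-wide inventory job, where 1 marks hosts that still need the upgrade.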

Workaround
=========
None.

Description
==========
- CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280,
  CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,
  CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 (arbitrary code execution)

Multiple memory corruption vulnerabilities that could lead to arbitrary
code execution have been found. These vulnerabilities were discovered by
Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero, willJ of
Tencent PC Manager, Yuki Chen of Qihoo 360 Vulcan Team,
b0nd@garage4hackers working with Trend Micro's Zero Day Initiative, and
Tao Yan (@Ga1ois) of Palo Alto Networks.

- CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923,
  CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929,
  CVE-2016-6930, CVE-2016-6931, CVE-2016-6932 (arbitrary code execution)

Multiple use-after-free vulnerabilities that could lead to arbitrary
code execution have been found. These vulnerabilities were discovered by
Mumei working with Trend Micro's Zero Day Initiative, Yuki Chen of Qihoo
360 Vulcan Team working with the Chromium Vulnerability Rewards Program,
willJ of Tencent PC Manager, JieZeng of Tencent Zhanlu Lab working with
the Chromium Vulnerability Rewards Program, Nicolas Joly of Microsoft
Vulnerability Research, and Yuki Chen of Qihoo 360 Vulcan Team.

- CVE-2016-4287 (arbitrary code execution)

An integer overflow vulnerability that could lead to arbitrary code
execution has been found. This vulnerability has been discovered by Yuki
Chen of Qihoo 360 Vulcan Team working with the Chromium Vulnerability
Rewards Program.

- CVE-2016-4271, CVE-2016-4277, CVE-2016-4278 (information disclosure)

Security bypass vulnerabilities that could lead to information disclosure
have been found. These vulnerabilities were discovered by Leone
Pontorieri, Soroush Dalili and Matthew Evans of NCC Group, and Nicolas
Joly of Microsoft Vulnerability Research.

Impact
=====
A remote attacker can execute arbitrary code, bypass security checks, or
disclose information on the affected host via unspecified vectors.

References
=========
https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html
https://access.redhat.com/security/cve/CVE-2016-4271
https://access.redhat.com/security/cve/CVE-2016-4272
https://access.redhat.com/security/cve/CVE-2016-4274
https://access.redhat.com/security/cve/CVE-2016-4275
https://access.redhat.com/security/cve/CVE-2016-4276
https://access.redhat.com/security/cve/CVE-2016-4277
https://access.redhat.com/security/cve/CVE-2016-4278
https://access.redhat.com/security/cve/CVE-2016-4279
https://access.redhat.com/security/cve/CVE-2016-4280
https://access.redhat.com/security/cve/CVE-2016-4281
https://access.redhat.com/security/cve/CVE-2016-4282
https://access.redhat.com/security/cve/CVE-2016-4283
https://access.redhat.com/security/cve/CVE-2016-4284
https://access.redhat.com/security/cve/CVE-2016-4285
https://access.redhat.com/security/cve/CVE-2016-4287
https://access.redhat.com/security/cve/CVE-2016-6921
https://access.redhat.com/security/cve/CVE-2016-6922
https://access.redhat.com/security/cve/CVE-2016-6923
https://access.redhat.com/security/cve/CVE-2016-6924
https://access.redhat.com/security/cve/CVE-2016-6925
https://access.redhat.com/security/cve/CVE-2016-6926
https://access.redhat.com/security/cve/CVE-2016-6927
https://access.redhat.com/security/cve/CVE-2016-6929
https://access.redhat.com/security/cve/CVE-2016-6930
https://access.redhat.com/security/cve/CVE-2016-6931
https://access.redhat.com/security/cve/CVE-2016-6932
