ArchLinux: 201609-12: lib32-flashplugin: multiple issues
Summary
- CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280,
CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,
CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 (arbitrary code execution)
Multiple memory corruption vulnerabilities that could lead to arbitrary
code execution have been found. These vulnerabilities were discovered by
Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero, willJ of
Tencent PC Manager, Yuki Chen of Qihoo 360 Vulcan Team,
b0nd@garage4hackers working with Trend Micro's Zero Day Initiative, and
Tao Yan (@Ga1ois) of Palo Alto Networks.
- CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923,
CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929,
CVE-2016-6930, CVE-2016-6931, CVE-2016-6932 (arbitrary code execution)
Multiple use-after-free vulnerabilities that could lead to arbitrary
code execution have been found. These vulnerabilities have been
discovered by Mumei working with Trend Micro's Zero Day Initiative,
Yuki Chen of Qihoo 360 Vulcan Team working with the Chromium
Vulnerability Rewards Program, willJ of Tencent PC Manager, JieZeng of
Tencent Zhanlu Lab working with the Chromium Vulnerability Rewards
Program, Nicolas Joly of Microsoft Vulnerability Research, and Yuki Chen
of Qihoo 360 Vulcan Team.
- CVE-2016-4287 (arbitrary code execution)
An integer overflow vulnerability that could lead to arbitrary code
execution has been found. This vulnerability has been discovered by Yuki
Chen of Qihoo 360 Vulcan Team working with the Chromium Vulnerability
Rewards Program.
- CVE-2016-4271, CVE-2016-4277, CVE-2016-4278 (information disclosure)
Security bypass vulnerabilities that could lead to information disclosure
have been found. These vulnerabilities have been found by Leone
Pontorieri, Soroush Dalili and Matthew Evans from NCC Group, and Nicolas
Joly of Microsoft Vulnerability Research.
Resolution
Upgrade to 11.2.202.635-1.
# pacman -Syu "lib32-flashplugin>=11.2.202.635-1"
The problems have been fixed upstream in version 11.2.202.635.
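For fleet checks it helps to decide from `pacman -Q lib32-flashplugin` output alone whether a host is still below the fixed release. The following is an added example, not part of the Arch advisory or of pacman; it ports the epoch:pkgver-pkgrel comparison rules that pacman's vercmp applies (assumed from pacman's rpmvercmp behaviour) and the sample output lines are constructed.

```python
import re

FIXED = "11.2.202.635-1"  # fixed release named in the Resolution section


def _split_evr(version):
    """Split 'epoch:pkgver-pkgrel'; epoch defaults to 0, pkgrel may be absent."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    pkgver, sep, pkgrel = rest.rpartition("-")
    return (epoch, pkgver, pkgrel) if sep else (epoch, rest, None)


def _rpmvercmp(a, b):
    """Segment-wise compare in the style of rpmvercmp: returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) and j < len(b):
        while i < len(a) and not a[i].isalnum():  # skip separators ('.', '-', ...)
            i += 1
        while j < len(b) and not b[j].isalnum():
            j += 1
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        pat = r"[0-9]+" if isnum else r"[A-Za-z]+"
        sa = re.match(pat, a[i:]).group(0)
        mb = re.match(pat, b[j:])
        if mb is None:  # one numeric, one alpha segment: numeric counts as newer
            return 1 if isnum else -1
        sb = mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if isnum:  # numbers: drop leading zeros, more digits wins, then lexical
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    ra, rb = a[i:], b[j:]
    if not ra and not rb:
        return 0
    # a leftover alpha suffix never beats an empty remainder (so 1.0a < 1.0)
    return -1 if (not ra and not rb[0].isalpha()) or (ra and ra[0].isalpha()) else 1


def vercmp(a, b):
    """pacman-style compare: epoch, then pkgver, then pkgrel when both have one."""
    ea, va, ra = _split_evr(a)
    eb, vb, rb = _split_evr(b)
    ret = _rpmvercmp(ea, eb) or _rpmvercmp(va, vb)
    if ret == 0 and ra is not None and rb is not None:
        ret = _rpmvercmp(ra, rb)
    return ret


def is_affected(pacman_q_line, fixed=FIXED):
    """Given one line of `pacman -Q lib32-flashplugin` output (constructed sample:
    'lib32-flashplugin 11.2.202.632-1'), report whether it is below the fix."""
    name, installed = pacman_q_line.split()
    if name != "lib32-flashplugin":
        raise ValueError(f"unexpected package: {name}")
    return vercmp(installed, fixed) < 0
```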
References
https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html
https://access.redhat.com/security/cve/CVE-2016-4271
https://access.redhat.com/security/cve/CVE-2016-4272
https://access.redhat.com/security/cve/CVE-2016-4274
https://access.redhat.com/security/cve/CVE-2016-4275
https://access.redhat.com/security/cve/CVE-2016-4276
https://access.redhat.com/security/cve/CVE-2016-4277
https://access.redhat.com/security/cve/CVE-2016-4278
https://access.redhat.com/security/cve/CVE-2016-4279
https://access.redhat.com/security/cve/CVE-2016-4280
https://access.redhat.com/security/cve/CVE-2016-4281
https://access.redhat.com/security/cve/CVE-2016-4282
https://access.redhat.com/security/cve/CVE-2016-4283
https://access.redhat.com/security/cve/CVE-2016-4284
https://access.redhat.com/security/cve/CVE-2016-4285
https://access.redhat.com/security/cve/CVE-2016-4287
https://access.redhat.com/security/cve/CVE-2016-6921
https://access.redhat.com/security/cve/CVE-2016-6922
https://access.redhat.com/security/cve/CVE-2016-6923
https://access.redhat.com/security/cve/CVE-2016-6924
https://access.redhat.com/security/cve/CVE-2016-6925
https://access.redhat.com/security/cve/CVE-2016-6926
https://access.redhat.com/security/cve/CVE-2016-6927
https://access.redhat.com/security/cve/CVE-2016-6929
https://access.redhat.com/security/cve/CVE-2016-6930
https://access.redhat.com/security/cve/CVE-2016-6931
https://access.redhat.com/security/cve/CVE-2016-6932
Workaround
None.