ArchLinux: 201702-16: lib32-flashplugin: arbitrary code execution
Summary
- CVE-2017-2982 (arbitrary code execution)
A use-after-free vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.
- CVE-2017-2984 (arbitrary code execution)
A heap-based buffer overflow vulnerability possibly leading to code
execution has been found in Adobe Flash Player < 24.0.0.221.
- CVE-2017-2985 (arbitrary code execution)
A use-after-free vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.
- CVE-2017-2987 (arbitrary code execution)
An integer overflow vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.
- CVE-2017-2988 (arbitrary code execution)
A memory corruption vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.
- CVE-2017-2990 (arbitrary code execution)
A memory corruption vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.
- CVE-2017-2991 (arbitrary code execution)
A memory corruption vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.
- CVE-2017-2992 (arbitrary code execution)
A heap-based buffer overflow vulnerability possibly leading to code
execution has been found in Adobe Flash Player < 24.0.0.221.
- CVE-2017-2993 (arbitrary code execution)
A use-after-free vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.
- CVE-2017-2994 (arbitrary code execution)
A use-after-free vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.
- CVE-2017-2995 (arbitrary code execution)
A type confusion vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.
- CVE-2017-2996 (arbitrary code execution)
A memory corruption vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.
Resolution
Upgrade to 24.0.0.221-1.
# pacman -Syu "lib32-flashplugin>=24.0.0.221-1"
The problems have been fixed upstream in version 24.0.0.221.
References
https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html https://security.archlinux.org/CVE-2017-2982 https://security.archlinux.org/CVE-2017-2984 https://security.archlinux.org/CVE-2017-2985 https://security.archlinux.org/CVE-2017-2987 https://security.archlinux.org/CVE-2017-2988 https://security.archlinux.org/CVE-2017-2990 https://security.archlinux.org/CVE-2017-2991 https://security.archlinux.org/CVE-2017-2992 https://security.archlinux.org/CVE-2017-2993 https://security.archlinux.org/CVE-2017-2994 https://security.archlinux.org/CVE-2017-2995 https://security.archlinux.org/CVE-2017-2996
Workaround
None.