ArchLinux: 201705-9: lib32-flashplugin: arbitrary code execution
Summary
- CVE-2017-3068 (arbitrary code execution)
A memory corruption vulnerability leading to code execution has been
found in the Advanced Video Coding engine of Adobe Flash Player <
25.0.0.171.
- CVE-2017-3069 (arbitrary code execution)
A memory corruption vulnerability leading to code execution has been
found in the BlendMode class of Adobe Flash Player < 25.0.0.171.
- CVE-2017-3070 (arbitrary code execution)
A memory corruption vulnerability leading to code execution has been
found in the ConvolutionFilter class of Adobe Flash Player <
25.0.0.171.
- CVE-2017-3071 (arbitrary code execution)
A use-after-free vulnerability that could lead to code execution has
been found in Adobe Flash Player < 25.0.0.171, when masking display
objects.
- CVE-2017-3072 (arbitrary code execution)
A memory corruption vulnerability leading to code execution has been
found in the BitmapData class of Adobe Flash Player < 25.0.0.171.
- CVE-2017-3073 (arbitrary code execution)
A memory corruption vulnerability leading to code execution has been
found in Adobe Flash Player < 25.0.0.171, when handling multiple mask
properties of display objects.
- CVE-2017-3074 (arbitrary code execution)
A memory corruption vulnerability leading to code execution has been
found in the Graphics class of Adobe Flash Player < 25.0.0.171.
Resolution
Upgrade to 25.0.0.171-1.
# pacman -Syu "lib32-flashplugin>=25.0.0.171-1"
The problems have been fixed upstream in version 25.0.0.171.
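To confirm that a host is on the fixed release, the following added example (not part of the original advisory) compares a package version against 25.0.0.171-1. The function names are hypothetical; it uses pacman's vercmp when present and otherwise assumes GNU sort -V as an approximation that ignores epochs.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a lib32-flashplugin
# version against the fixed release named in the Resolution section.
PKG="lib32-flashplugin"
FIXED="25.0.0.171-1"

# ver_lt A B: succeed when version A is strictly older than version B.
ver_lt() {
    if [ "$1" = "$2" ]; then
        return 1
    fi
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp ships with pacman and prints -1, 0 or 1.
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        # Assumption: sort -V is available (no epoch handling).
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# classify VERSION: print "vulnerable" or "fixed".
classify() {
    if ver_lt "$1" "$FIXED"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# check_installed: classify the version pacman reports for $PKG.
check_installed() {
    if ! command -v pacman >/dev/null 2>&1; then
        echo "pacman-not-found"
        return 2
    fi
    ver=$(pacman -Q "$PKG" 2>/dev/null | awk '{print $2}')
    if [ -z "$ver" ]; then
        echo "not-installed"
        return 0
    fi
    classify "$ver"
}

# Run the live check only when invoked as: sh script.sh --run
case "${1:-}" in
    --run) check_installed ;;
esac
```

A browser that is already running keeps the old plugin loaded until it is restarted, so restart it after upgrading.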
References
https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html
https://security.archlinux.org/CVE-2017-3068
https://security.archlinux.org/CVE-2017-3069
https://security.archlinux.org/CVE-2017-3070
https://security.archlinux.org/CVE-2017-3071
https://security.archlinux.org/CVE-2017-3072
https://security.archlinux.org/CVE-2017-3073
https://security.archlinux.org/CVE-2017-3074
Workaround
None.