Arch Linux: ASA-201706-15 Critical: lib32-flashplugin Remote Code Exec
Jun 15, 2017
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
The package lib32-flashplugin before version 26.0.0.126-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201706-15
=========================================
Severity: Critical
Date : 2017-06-14
CVE-ID : CVE-2017-3075 CVE-2017-3076 CVE-2017-3077 CVE-2017-3078
CVE-2017-3079 CVE-2017-3081 CVE-2017-3082 CVE-2017-3083
CVE-2017-3084
Package : lib32-flashplugin
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-298
Summary
======
The package lib32-flashplugin before version 26.0.0.126-1 is vulnerable
to arbitrary code execution.
Resolution
=========
Upgrade to 26.0.0.126-1.
# pacman -Syu "lib32-flashplugin>=26.0.0.126-1"
The problems have been fixed upstream in version 26.0.0.126.
Workaround
=========
None.
Description
==========
- CVE-2017-3075 (arbitrary code execution)
A use-after-free vulnerability leading to remote code execution has
been found in Adobe Flash Player < 26.0.0.126.
- CVE-2017-3076 (arbitrary code execution)
A memory corruption vulnerability leading to remote code execution has
been found in Adobe Flash Player < 26.0.0.126.
- CVE-2017-3077 (arbitrary code execution)
A memory corruption vulnerability leading to remote code execution has
been found in Adobe Flash Player < 26.0.0.126.
- CVE-2017-3078 (arbitrary code execution)
A memory corruption vulnerability leading to remote code execution has
been found in Adobe Flash Player < 26.0.0.126.
- CVE-2017-3079 (arbitrary code execution)
A memory corruption vulnerability leading to remote code execution has
been found in Adobe Flash Player < 26.0.0.126.
- CVE-2017-3081 (arbitrary code execution)
A use-after-free vulnerability leading to remote code execution has
been found in Adobe Flash Player < 26.0.0.126.
- CVE-2017-3082 (arbitrary code execution)
A memory corruption vulnerability leading to remote code execution has
been found in Adobe Flash Player < 26.0.0.126.
- CVE-2017-3083 (arbitrary code execution)
A use-after-free vulnerability leading to remote code execution has
been found in Adobe Flash Player < 26.0.0.126.
- CVE-2017-3084 (arbitrary code execution)
A use-after-free vulnerability leading to remote code execution has
been found in Adobe Flash Player < 26.0.0.126.
Impact
=====
A remote attacker can execute arbitrary code on the affected host.
References
=========
https://security.archlinux.org/CVE-2017-3075
https://security.archlinux.org/CVE-2017-3076
https://security.archlinux.org/CVE-2017-3077
https://security.archlinux.org/CVE-2017-3078
https://security.archlinux.org/CVE-2017-3079
https://security.archlinux.org/CVE-2017-3081
https://security.archlinux.org/CVE-2017-3082
https://security.archlinux.org/CVE-2017-3083
https://security.archlinux.org/CVE-2017-3084
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!