Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

Arch Linux: ASA-201711-21 Critical: Flashplugin Arbitrary Code Execution

Calendar Nov 15, 2017 User Avatar LinuxSecurity Advisories
1 - 2 min read
Archlinux Large Esm H500
Topics%20covered

Topics Covered

security advisory security issue critical arbitrary code execution Arch Linux flashplugin
The package flashplugin before version 27.0.0.187-1 is vulnerable to arbitrary code execution. 
Arch Linux Security Advisory ASA-201711-21
=========================================
Severity: Critical
Date    : 2017-11-15
CVE-ID  : CVE-2017-11213 CVE-2017-11215 CVE-2017-11225 CVE-2017-3112
          CVE-2017-3114
Package : flashplugin
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-492

Summary
======
The package flashplugin before version 27.0.0.187-1 is vulnerable to
arbitrary code execution.

Resolution
=========
Upgrade to 27.0.0.187-1.

# pacman -Syu "flashplugin>=27.0.0.187-1"

The problems have been fixed upstream in version 27.0.0.187.

Workaround
=========
None.

Description
==========
- CVE-2017-11213 (arbitrary code execution)

An out-of-bounds access vulnerability has been discovered in
flashplugin before 27.0.0.187 leading to arbitrary code execution when
playing a specially crafted SWF file.

- CVE-2017-11215 (arbitrary code execution)

An use after free vulnerability has been discovered in flashplugin
before 27.0.0.187 leading to arbitrary code execution when playing a
specially crafted SWF file.

- CVE-2017-11225 (arbitrary code execution)

An use after free vulnerability has been discovered in flashplugin
before 27.0.0.187 leading to arbitrary code execution when playing a
specially crafted SWF file.

- CVE-2017-3112 (arbitrary code execution)

An out-of-bounds access vulnerability has been discovered in
flashplugin before 27.0.0.187 leading to arbitrary code execution when
playing a specially crafted SWF file.

- CVE-2017-3114 (arbitrary code execution)

An out-of-bounds access vulnerability has been discovered in
flashplugin before 27.0.0.187 leading to arbitrary code execution when
playing a specially crafted SWF file.

Impact
=====
A remote attacker is able to execute arbitrary code on the affected
host via a specially crafted SWF file.

References
=========
https://security.archlinux.org/CVE-2017-11213
https://security.archlinux.org/CVE-2017-11215
https://security.archlinux.org/CVE-2017-11225
https://security.archlinux.org/CVE-2017-3112
https://security.archlinux.org/CVE-2017-3114

Related News

Your message here