ArchLinux: 201711-22: lib32-flashplugin: arbitrary code execution
Summary
- CVE-2017-11213 (arbitrary code execution)
An out-of-bounds access vulnerability has been discovered in
flashplugin before 27.0.0.187 leading to arbitrary code execution when
playing a specially crafted SWF file.
- CVE-2017-11215 (arbitrary code execution)
A use-after-free vulnerability has been discovered in flashplugin
before 27.0.0.187 leading to arbitrary code execution when playing a
specially crafted SWF file.
- CVE-2017-11225 (arbitrary code execution)
A use-after-free vulnerability has been discovered in flashplugin
before 27.0.0.187 leading to arbitrary code execution when playing a
specially crafted SWF file.
- CVE-2017-3112 (arbitrary code execution)
An out-of-bounds access vulnerability has been discovered in
flashplugin before 27.0.0.187 leading to arbitrary code execution when
playing a specially crafted SWF file.
- CVE-2017-3114 (arbitrary code execution)
An out-of-bounds access vulnerability has been discovered in
flashplugin before 27.0.0.187 leading to arbitrary code execution when
playing a specially crafted SWF file.
Resolution
Upgrade to 27.0.0.187-1.
# pacman -Syu "lib32-flashplugin>=27.0.0.187-1"
The problems have been fixed upstream in version 27.0.0.187.
References
https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html
https://security.archlinux.org/CVE-2017-11213
https://security.archlinux.org/CVE-2017-11215
https://security.archlinux.org/CVE-2017-11225
https://security.archlinux.org/CVE-2017-3112
https://security.archlinux.org/CVE-2017-3114
Workaround
None.