ArchLinux: 201806-7: flashplugin: multiple issues
Summary
- CVE-2018-4945 (arbitrary code execution)
A type confusion issue has been found in Adobe Flash Player before
30.0.0.113, leading to arbitrary code execution.
- CVE-2018-5000 (information disclosure)
An integer overflow issue has been found in Adobe Flash Player before
30.0.0.113, leading to information disclosure.
- CVE-2018-5001 (information disclosure)
An out-of-bounds read has been found in Adobe Flash Player before
30.0.0.113, leading to information disclosure.
- CVE-2018-5002 (arbitrary code execution)
A stack-based buffer overflow has been found in Adobe Flash Player
before 30.0.0.113, leading to arbitrary code execution.
Resolution
Upgrade to 30.0.0.113-1.
# pacman -Syu "flashplugin>=30.0.0.113-1"
The problems have been fixed upstream in version 30.0.0.113.
References
https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html https://security.archlinux.org/CVE-2018-4945 https://security.archlinux.org/CVE-2018-5000 https://security.archlinux.org/CVE-2018-5001 https://security.archlinux.org/CVE-2018-5002
Workaround
None.