Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

Arch Linux: 201904-8 Critical: Flashplugin Code Execution Risks

Calendar Apr 24, 2019 User Avatar LinuxSecurity Advisories
1 min read
Archlinux Large Esm H500
Topics%20covered

Topics Covered

security advisory critical issue arbitrary code execution information disclosure Arch Linux flashplugin
The package flashplugin before version 32.0.0.171-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure. 
Arch Linux Security Advisory ASA-201904-8
========================================
Severity: Critical
Date    : 2019-04-12
CVE-ID  : CVE-2019-7096 CVE-2019-7108
Package : flashplugin
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-949

Summary
======
The package flashplugin before version 32.0.0.171-1 is vulnerable to
multiple issues including arbitrary code execution and information
disclosure.

Resolution
=========
Upgrade to 32.0.0.171-1.

# pacman -Syu "flashplugin>=32.0.0.171-1"

The problems have been fixed upstream in version 32.0.0.171.

Workaround
=========
None.

Description
==========
- CVE-2019-7096 (arbitrary code execution)

An arbitrary code execution issue has been found in Adobe Flash Player
before 32.0.0.171.

- CVE-2019-7108 (information disclosure)

An out-of-bounds read has been found in Adobe Flash Player before
32.0.0.171.

Impact
=====
A remote attacker can execute arbitrary code on the affected host.

References
=========
https://security.archlinux.org/CVE-2019-7096
https://security.archlinux.org/CVE-2019-7108

Related News

Your message here