Fwd: [arch-security] [ASA-201507-7] flashplugin: remote code execution

Florian Bruhin me at the-compiler.org
Wed Jul 8 14:01:28 CEST 2015


FYI - update your flash player, or leave allow-plugins set to false ;)

Florian

----- Forwarded message from Remi Gacogne <rgacogne at archlinux.org> -----

Arch Linux Security Advisory ASA-201507-7
=========================================

Severity: Critical
Date    : 2015-07-08
CVE-ID  : CVE-2015-5119
Package : flashplugin
Type    : remote code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package flashplugin before version 11.2.202.481-1 is vulnerable to
remote code execution.

Resolution
==========

Upgrade to 11.2.202.481-1.

# pacman -Syu "flashplugin>=11.2.202.481-1"

The problem has been fixed upstream in version 11.2.202.481.

Workaround
==========

None.

Description
===========

A critical vulnerability (use-after-free in the AS3 ByteArray class) has
been identified in Adobe Flash Player 18.0.0.194 and earlier versions
for Windows, Macintosh and Linux. Successful exploitation could cause a
crash and potentially allow an attacker to take control of the affected
system.

Adobe is aware of reports that an exploit targeting this vulnerability
has been published publicly.

Impact
======

A remote attacker can execute arbitrary code on the affected host using
a crafted flash application.

References
==========

https://access.redhat.com/security/cve/CVE-2015-5119
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
https://www.kb.cert.org/vuls/id/561288
http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/

----- End forwarded message -----

-- 
http://www.the-compiler.org | me at the-compiler.org (Mail/XMPP)
   GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc
         I love long mails! | http://email.is-not-s.ms/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://listi.jpberlin.de/pipermail/qutebrowser/attachments/20150708/a54b977d/attachment.sig>


More information about the qutebrowser mailing list