Subject: [ASA-201610-18] flashplugin: arbitrary code execution Arch Linux Security Advisory ASA-201610-18 ========================================== Severity: Critical Date : 2016-10-26 CVE-ID : CVE-2016-7855 Package : flashplugin Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-52 Summary ======= The package flashplugin before version 11.2.202.643-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 11.2.202.643-1. # pacman -Syu "flashplugin>=11.2.202.643-1" The problem has been fixed upstream in version 11.2.202.643. Workaround ========== None. Description =========== A use-after-free vulnerability leading to code execution has been found in Adobe Flash Player. Impact ====== A remote attacker can execute arbitrary code on the affected host. References ========== https://helpx.adobe.com/security/products/flash-player/apsb16-36.html https://security.archlinux.org/CVE-2016-7855