Subject: [ASA-201702-15] flashplugin: arbitrary code execution

Arch Linux Security Advisory ASA-201702-15
==========================================

Severity: Critical
Date    : 2017-02-17
CVE-ID  : CVE-2017-2982 CVE-2017-2984 CVE-2017-2985 CVE-2017-2986
          CVE-2017-2987 CVE-2017-2988 CVE-2017-2990 CVE-2017-2991
          CVE-2017-2992 CVE-2017-2993 CVE-2017-2994 CVE-2017-2995
          CVE-2017-2996
Package : flashplugin
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-176

Summary
=======

The package flashplugin before version 24.0.0.221-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 24.0.0.221-1.

# pacman -Syu "flashplugin>=24.0.0.221-1"

The problems have been fixed upstream in version 24.0.0.221.

Workaround
==========

None.

Description
===========

- CVE-2017-2982 (arbitrary code execution)

A use-after-free vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.

- CVE-2017-2984 (arbitrary code execution)

A heap-based buffer overflow vulnerability possibly leading to code
execution has been found in Adobe Flash Player < 24.0.0.221.

- CVE-2017-2985 (arbitrary code execution)

A use-after-free vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.

- CVE-2017-2986 (arbitrary code execution)

A heap-based buffer overflow vulnerability possibly leading to code
execution has been found in Adobe Flash Player < 24.0.0.221.

- CVE-2017-2987 (arbitrary code execution)

An integer overflow vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.

- CVE-2017-2988 (arbitrary code execution)

A memory corruption vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.

- CVE-2017-2990 (arbitrary code execution)

A memory corruption vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.

- CVE-2017-2991 (arbitrary code execution)

A memory corruption vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.

- CVE-2017-2992 (arbitrary code execution)

A heap-based buffer overflow vulnerability possibly leading to code
execution has been found in Adobe Flash Player < 24.0.0.221.

- CVE-2017-2993 (arbitrary code execution)

A use-after-free vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.

- CVE-2017-2994 (arbitrary code execution)

A use-after-free vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.

- CVE-2017-2995 (arbitrary code execution)

A type confusion vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.

- CVE-2017-2996 (arbitrary code execution)

A memory corruption vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.

Impact
======

A remote attacker can execute arbitrary code on the affected host.

References
==========

https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
https://security.archlinux.org/CVE-2017-2982
https://security.archlinux.org/CVE-2017-2984
https://security.archlinux.org/CVE-2017-2985
https://security.archlinux.org/CVE-2017-2986
https://security.archlinux.org/CVE-2017-2987
https://security.archlinux.org/CVE-2017-2988
https://security.archlinux.org/CVE-2017-2990
https://security.archlinux.org/CVE-2017-2991
https://security.archlinux.org/CVE-2017-2992
https://security.archlinux.org/CVE-2017-2993
https://security.archlinux.org/CVE-2017-2994
https://security.archlinux.org/CVE-2017-2995
https://security.archlinux.org/CVE-2017-2996