Arch Linux Security Advisory ASA-201811-19 ========================================== Severity: Critical Date : 2018-11-22 CVE-ID : CVE-2018-15981 Package : flashplugin Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-818 Summary ======= The package flashplugin before version 31.0.0.153-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 31.0.0.153-1. # pacman -Syu "flashplugin>=31.0.0.153-1" The problem has been fixed upstream in version 31.0.0.153. Workaround ========== None. Description =========== A type confusion vulnerability has been found in Adobe Flash Player versions prior to 31.0.0.153. Impact ====== A remote attacker can execute arbitrary code via a crafted Flash file. References ========== https://helpx.adobe.com/security/products/flash-player/apsb18-44.html https://security.archlinux.org/CVE-2018-15981