Subject: [ASA-201904-8] flashplugin: multiple issues Arch Linux Security Advisory ASA-201904-8 ========================================= Severity: Critical Date : 2019-04-12 CVE-ID : CVE-2019-7096 CVE-2019-7108 Package : flashplugin Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-949 Summary ======= The package flashplugin before version 32.0.0.171-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure. Resolution ========== Upgrade to 32.0.0.171-1. # pacman -Syu "flashplugin>=32.0.0.171-1" The problems have been fixed upstream in version 32.0.0.171. Workaround ========== None. Description =========== - CVE-2019-7096 (arbitrary code execution) An arbitrary code execution issue has been found in Adobe Flash Player before 32.0.0.171. - CVE-2019-7108 (information disclosure) An out-of-bounds read has been found in Adobe Flash Player before 32.0.0.171. Impact ====== A remote attacker can execute arbitrary code on the affected host. References ========== https://helpx.adobe.com/security/products/flash-player/apsb19-19.html https://security.archlinux.org/CVE-2019-7096 https://security.archlinux.org/CVE-2019-7108