FYI - update your flash player, or leave allow-plugins set to false ;) Florian
----- Forwarded message from Remi Gacogne <[email protected]> ----- Arch Linux Security Advisory ASA-201507-7 ========================================= Severity: Critical Date : 2015-07-08 CVE-ID : CVE-2015-5119 Package : flashplugin Type : remote code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package flashplugin before version 11.2.202.481-1 is vulnerable to remote code execution. Resolution ========== Upgrade to 11.2.202.481-1. # pacman -Syu "flashplugin>=11.2.202.481-1" The problem has been fixed upstream in version 11.2.202.481. Workaround ========== None. Description =========== A critical vulnerability (use-after-free in the AS3 ByteArray class) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Impact ====== A remote attacker can execute arbitrary code on the affected host using a crafted flash application. References ========== https://access.redhat.com/security/cve/CVE-2015-5119 https://helpx.adobe.com/security/products/flash-player/apsa15-03.html https://www.kb.cert.org/vuls/id/561288 http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/ ----- End forwarded message ----- -- http://www.the-compiler.org | [email protected] (Mail/XMPP) GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc I love long mails! | http://email.is-not-s.ms/
pgphH9YgUBJCy.pgp
Description: PGP signature
