I don't think I have to comment on this anymore, but it might be nice to know if you didn't already ;)
----- Forwarded message from Levente Polyak <[email protected]> -----

Arch Linux Security Advisory ASA-201507-13
==========================================

Severity: Critical
Date    : 2015-07-16
CVE-ID  : CVE-2015-5122 CVE-2015-5123
Package : flashplugin
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package flashplugin before version 11.2.202.491-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 11.2.202.491-1.

# pacman -Syu "flashplugin>=11.2.202.491-1"

The problems have been fixed upstream in version 11.2.202.491.

Workaround
==========

None.

Description
===========

- CVE-2015-5122 (arbitrary code execution)

Use-after-free vulnerability in the DisplayObject class in the
ActionScript 3 (AS3) implementation allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via
crafted Flash content that leverages improper handling of the
opaqueBackground property.

- CVE-2015-5123 (arbitrary code execution)

Use-after-free vulnerability in the BitmapData class in the
ActionScript 3 (AS3) implementation allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via
crafted Flash content that overrides a valueOf function.

Impact
======

A remote attacker is able to use a specially crafted flash application
to execute arbitrary code.

References
==========

https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
https://access.redhat.com/security/cve/CVE-2015-5122
https://access.redhat.com/security/cve/CVE-2015-5123

----- End forwarded message -----

-- 
http://www.the-compiler.org | [email protected] (Mail/XMPP)
   GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc
         I love long mails! | http://email.is-not-s.ms/
