flashplugin: multiple issues

2016-04-10T00:00:00
ID ASA-201604-7
Type archlinux
Reporter Arch Linux
Modified 2016-04-10T00:00:00

Description

  • CVE-2016-1006 (JIT spraying mitigation bypass)

These updates harden a mitigation against JIT spraying attacks that could be used to bypass memory layout randomization mitigations.

  • CVE-2016-1015 CVE-2016-1019 (arbitrary code execution)

These updates resolve type confusion vulnerabilities that could lead to code execution.

  • CVE-2016-1011 CVE-2016-1013 CVE-2016-1016 CVE-2016-1017 CVE-2016-1031 (arbitrary code execution)

These updates resolve use-after-free vulnerabilities that could lead to code execution.

  • CVE-2016-1012 CVE-2016-1020 CVE-2016-1021 CVE-2016-1022 CVE-2016-1023 CVE-2016-1024 CVE-2016-1025 CVE-2016-1026 CVE-2016-1027 CVE-2016-1028 CVE-2016-1029 CVE-2016-1032 CVE-2016-1033 (arbitrary code execution)

These updates resolve memory corruption vulnerabilities that could lead to code execution.

  • CVE-2016-1018 (arbitrary code execution)

These updates resolve a stack overflow vulnerability that could lead to code execution.

  • CVE-2016-1030 (sandbox restriction bypass)

These updates resolve a security bypass vulnerability.

  • CVE-2016-1014 (arbitrary code execution)

These updates resolve a vulnerability in the directory search path used to find resources that could lead to code execution.