flashplugin: multiple issues

2016-07-18T00:00:00
ID ASA-201607-6
Type archlinux
Reporter Arch Linux
Modified 2016-07-18T00:00:00

Description

  • CVE-2016-4175 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 (arbitrary code execution)

Multiple memory corruption vulnerabilities that could lead to arbitrary code execution have been found. These vulnerabilities were discovered by willJ of Tencent PC Manager, Sébastien Morin of COSIG, Yuki Chen of Qihoo 360 Vulcan Team, Wen Guanxing from Pangu LAB, and Jie Zeng of Tencent Zhanlu Lab.

  • CVE-2016-4247 (information disclosure)

A race condition that could lead to information disclosure has been discovered. This vulnerability has been discovered by Stefan Kanthak.

  • CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 (arbitrary code execution)

Three type confusion vulnerabilities that could lead to arbitrary code execution have been found. These vulnerabilities were discovered by Ohara Rinne, Kurutsu Karen, and Garandou Sara working with Trend Micro's Zero Day Initiative.

  • CVE-2016-4173 CVE-2016-4174 CVE-2016-4222 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4248 (arbitrary code execution)

Multiple use-after-free vulnerabilities that could lead to arbitrary code execution have been found. These vulnerabilities have been discovered by Nicolas Joly of Microsoft Vulnerability Research, Kai Kang (a.k.a. 4B5F5F4B) working with Trend Micro's Zero Day Initiative, Jaehun Jeong (@n3sk) of WINS WSEC Analysis Team working with Trend Micro's Zero Day Initiative, Natalie Silvanovich of Google Project Zero, and Wen Guanxing from Pangu LAB.

  • CVE-2016-4249 (arbitrary code execution)

A heap buffer overflow vulnerability that could lead to arbitrary code execution has been found. This vulnerability has been discovered by Yuki Chen of Qihoo 360 Vulcan Team working with the Chromium Vulnerability Rewards Program.

  • CVE-2016-4232 (memory leak)

A memory leak vulnerability has been discovered. This vulnerability has been discovered by Natalie Silvanovich of Google Project Zero.

  • CVE-2016-4176 CVE-2016-4177 (arbitrary code execution)

Two stack corruption vulnerabilities that could lead to arbitrary code execution have been found. These have been found by Francis Provencher of COSIG.

  • CVE-2016-4178 (information disclosure)

A security bypass vulnerability that could lead to information disclosure has been discovered. This issue has been discovered by Soroush Dalili and Matthew Evans from NCC Group.