lib32-flashplugin: multiple issues

2016-09-15T00:00:00
ID ASA-201609-12
Type archlinux
Reporter Arch Linux
Modified 2016-09-15T00:00:00

Description

  • CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 (arbitrary code execution)

Multiple memory corruption vulnerabilities that could lead to arbitrary code execution have been found. These vulnerabilities were discovered by Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero, willJ of Tencent PC Manager, Yuki Chen of Qihoo 360 Vulcan Team, b0nd at garage4hackers working with Trend Micro's Zero Day Initiative, and Tao Yan (@Ga1ois) of Palo Alto Networks.

  • CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932 (arbitrary code execution)

Multiple use-after-free vulnerabilities that could lead to arbitrary code execution have been found. These vulnerabilities have been discovered by Mumei working with Trend Micro's Zero Day Initiative, Yuki Chen of Qihoo 360 Vulcan Team working with the Chromium Vulnerability Rewards Program, willJ of Tencent PC Manager, JieZeng of Tencent Zhanlu Lab working with the Chromium Vulnerability Rewards Program, Nicolas Joly of Microsoft Vulnerability Research, and Yuki Chen of Qihoo 360 Vulcan Team.

  • CVE-2016-4287 (arbitrary code execution)

An integer overflow vulnerability that could lead to arbitrary code execution has been found. This vulnerability has been discovered by Yuki Chen of Qihoo 360 Vulcan Team working with the Chromium Vulnerability Rewards Program.

  • CVE-2016-4271, CVE-2016-4277, CVE-2016-4278 (information disclosure)

A security bypass vulnerability that could lead to information disclosure has been found. These vulnerabilities have been found by Leone Pontorieri, Soroush Dalili and Matthew Evans from NCC Group, and Nicolas Joly of Microsoft Vulnerability Research.