SB2016091501 - Arch Linux update for lib32-flashplugin 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016091501

SB2016091501 - Arch Linux update for lib32-flashplugin

Published: September 15, 2016

Security Bulletin ID SB2016091501
Severity
High
Patch available
YES
Number of vulnerabilities 26
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 88% Low 12%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 26 secuirty vulnerabilities.


1) Security bypass (CVE-ID: CVE-2016-4271)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass security limitations and gain access to imprortant data.

Successful exploitation of the vulnerability results in information disclosure or further attacks on the vulnerable system.


2) “Use-after-free” error (CVE-ID: CVE-2016-4272)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

3) Memory corruption (CVE-ID: CVE-2016-4274)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

4) Memory corruption (CVE-ID: CVE-2016-4275)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

5) Memory corruption (CVE-ID: CVE-2016-4276)

The vulnerability allows a remote unathenticated user to cause arbitrary code execution on the target system.

The weakness exists due to boundary error. After tricking the victim to visit a web page containing crafted Flash content attackers can cause memory corruption and execute arbitary code.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

6) Security bypass (CVE-ID: CVE-2016-4277)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass security limitations and gain access to imprortant data.

Successful exploitation of the vulnerability results in information disclosure or further attacks on the vulnerable system.


7) Security bypass (CVE-ID: CVE-2016-4278)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass security limitations and gain access to imprortant data.

Successful exploitation of the vulnerability results in information disclosure or further attacks on the vulnerable system.


8) “Use-after-free” error (CVE-ID: CVE-2016-4279)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

9) Memory corruption (CVE-ID: CVE-2016-4280)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

10) Memory corruption (CVE-ID: CVE-2016-4281)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

11) Memory corruption (CVE-ID: CVE-2016-4282)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

12) Memory corruption (CVE-ID: CVE-2016-4283)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

13) Memory corruption (CVE-ID: CVE-2016-4284)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

14) Memory corruption (CVE-ID: CVE-2016-4285)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

15) Integer overflow (CVE-ID: CVE-2016-4287)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

16) “Use-after-free” error (CVE-ID: CVE-2016-6921)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

17) Memory corruption (CVE-ID: CVE-2016-6922)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

18) “Use-after-free” error (CVE-ID: CVE-2016-6923)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

19) Memory corruption (CVE-ID: CVE-2016-6924)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

20) “Use-after-free” error (CVE-ID: CVE-2016-6925)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

21) “Use-after-free” error (CVE-ID: CVE-2016-6926)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

22) “Use-after-free” error (CVE-ID: CVE-2016-6927)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

23) “Use-after-free” error (CVE-ID: CVE-2016-6929)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

24) “Use-after-free” error (CVE-ID: CVE-2016-6930)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

25) “Use-after-free” error (CVE-ID: CVE-2016-6931)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

26) “Use-after-free” error (CVE-ID: CVE-2016-6932)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

References