FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Adobe Flash Player -- critical vulnerabilities

Affected packages
linux-c6-flashplugin <= 11.2r202.457
linux-f10-flashplugin <= 11.2r202.457

Details

VuXML ID e206df57-f97b-11e4-b799-c485083ca99c
Discovery 2015-05-12
Entry 2015-05-13

Adobe reports:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093).

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2015-3088).

These updates resolve a time-of-check time-of-use (TOCTOU) race condition that could be exploited to bypass Protected Mode in Internet Explorer (CVE-2015-3081).

These updates resolve validation bypass issues that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-3087).

These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).

These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2015-3080).

These updates resolve memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-3091, CVE-2015-3092).

These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3079), and provide additional hardening to protect against CVE-2015-3044.

References

CVE Name CVE-2015-3044
CVE Name CVE-2015-3077
CVE Name CVE-2015-3078
CVE Name CVE-2015-3079
CVE Name CVE-2015-3080
CVE Name CVE-2015-3081
CVE Name CVE-2015-3082
CVE Name CVE-2015-3083
CVE Name CVE-2015-3084
CVE Name CVE-2015-3085
CVE Name CVE-2015-3086
CVE Name CVE-2015-3087
CVE Name CVE-2015-3088
CVE Name CVE-2015-3089
CVE Name CVE-2015-3090
CVE Name CVE-2015-3091
CVE Name CVE-2015-3092
CVE Name CVE-2015-3093
URL https://helpx.adobe.com/security/products/flash-player/apsb15-09.html