VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201607-0517 CVE-2016-4242 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0516 CVE-2016-4241 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0515 CVE-2016-4240 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0514 CVE-2016-4239 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0129 CVE-2016-4214 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4199 , CVE-2016-4200 , CVE-2016-4201 , CVE-2016-4202 , CVE-2016-4203 , CVE-2016-4204 , CVE-2016-4205 , CVE-2016-4206 , CVE-2016-4207 , CVE-2016-4208 , CVE-2016-4211 , CVE-2016-4212 , CVE-2016-4213 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
VAR-201607-0128 CVE-2016-4213 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4199 , CVE-2016-4200 , CVE-2016-4201 , CVE-2016-4202 , CVE-2016-4203 , CVE-2016-4204 , CVE-2016-4205 , CVE-2016-4206 , CVE-2016-4207 , CVE-2016-4208 , CVE-2016-4211 , CVE-2016-4212 , CVE-2016-4214 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
VAR-201607-0127 CVE-2016-4212 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4199 , CVE-2016-4200 , CVE-2016-4201 , CVE-2016-4202 , CVE-2016-4203 , CVE-2016-4204 , CVE-2016-4205 , CVE-2016-4206 , CVE-2016-4207 , CVE-2016-4208 , CVE-2016-4211 , CVE-2016-4213 , CVE-2016-4214 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
VAR-201607-0126 CVE-2016-4211 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4199 , CVE-2016-4200 , CVE-2016-4201 , CVE-2016-4202 , CVE-2016-4203 , CVE-2016-4204 , CVE-2016-4205 , CVE-2016-4206 , CVE-2016-4207 , CVE-2016-4208 , CVE-2016-4212 , CVE-2016-4213 , CVE-2016-4214 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
VAR-201607-0125 CVE-2016-4210 Windows and Mac OS X Run on Adobe Reader and Acrobat Integer overflow vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Acrobat and Reader are prone to an unspecified remote integer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. An integer overflow vulnerability exists in several Adobe products
VAR-201607-0124 CVE-2016-4209 Windows and Mac OS X Run on Adobe Reader and Acrobat Heap-based buffer overflow vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts likely result in denial-of-service conditions. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
VAR-201607-0123 CVE-2016-4208 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4199 , CVE-2016-4200 , CVE-2016-4201 , CVE-2016-4202 , CVE-2016-4203 , CVE-2016-4204 , CVE-2016-4205 , CVE-2016-4206 , CVE-2016-4207 , CVE-2016-4211 , CVE-2016-4212 , CVE-2016-4213 , CVE-2016-4214 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
VAR-201607-0122 CVE-2016-4207 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4199 , CVE-2016-4200 , CVE-2016-4201 , CVE-2016-4202 , CVE-2016-4203 , CVE-2016-4204 , CVE-2016-4205 , CVE-2016-4206 , CVE-2016-4208 , CVE-2016-4211 , CVE-2016-4212 , CVE-2016-4213 , CVE-2016-4214 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
VAR-201607-0121 CVE-2016-4206 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4199 , CVE-2016-4200 , CVE-2016-4201 , CVE-2016-4202 , CVE-2016-4203 , CVE-2016-4204 , CVE-2016-4205 , CVE-2016-4207 , CVE-2016-4208 , CVE-2016-4211 , CVE-2016-4212 , CVE-2016-4213 , CVE-2016-4214 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
VAR-201607-0120 CVE-2016-4205 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerabilities in arbitrary code execution CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability is CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4199 , CVE-2016-4200 , CVE-2016-4201 , CVE-2016-4202 , CVE-2016-4203 , CVE-2016-4204 , CVE-2016-4206 , CVE-2016-4207 , CVE-2016-4208 , CVE-2016-4211 , CVE-2016-4212 , CVE-2016-4213 , CVE-2016-4214 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 This is a different vulnerability.Arbitrary code execution or denial of service by an attacker ( Memory corruption ) May be in a state. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
VAR-201607-0119 CVE-2016-4204 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4199 , CVE-2016-4200 , CVE-2016-4201 , CVE-2016-4202 , CVE-2016-4203 , CVE-2016-4205 , CVE-2016-4206 , CVE-2016-4207 , CVE-2016-4208 , CVE-2016-4211 , CVE-2016-4212 , CVE-2016-4213 , CVE-2016-4214 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
VAR-201607-0118 CVE-2016-4203 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4199 , CVE-2016-4200 , CVE-2016-4201 , CVE-2016-4202 , CVE-2016-4204 , CVE-2016-4205 , CVE-2016-4206 , CVE-2016-4207 , CVE-2016-4208 , CVE-2016-4211 , CVE-2016-4212 , CVE-2016-4213 , CVE-2016-4214 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
VAR-201607-0117 CVE-2016-4202 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4199 , CVE-2016-4200 , CVE-2016-4201 , CVE-2016-4203 , CVE-2016-4204 , CVE-2016-4205 , CVE-2016-4206 , CVE-2016-4207 , CVE-2016-4208 , CVE-2016-4211 , CVE-2016-4212 , CVE-2016-4213 , CVE-2016-4214 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of XPath expressions. A PDF document with a specific 'number' element and an XPath expression can force Adobe Reader DC to write values past the end of an allocated object. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat DC is a set of desktop PDF solutions; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
VAR-201607-0116 CVE-2016-4201 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4199 , CVE-2016-4200 , CVE-2016-4202 , CVE-2016-4203 , CVE-2016-4204 , CVE-2016-4205 , CVE-2016-4206 , CVE-2016-4207 , CVE-2016-4208 , CVE-2016-4211 , CVE-2016-4212 , CVE-2016-4213 , CVE-2016-4214 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat DC is a set of desktop PDF solutions; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
VAR-201607-0115 CVE-2016-4200 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4199 , CVE-2016-4201 , CVE-2016-4202 , CVE-2016-4203 , CVE-2016-4204 , CVE-2016-4205 , CVE-2016-4206 , CVE-2016-4207 , CVE-2016-4208 , CVE-2016-4211 , CVE-2016-4212 , CVE-2016-4213 , CVE-2016-4214 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of XPath expressions. A PDF document with a specific "copy-of" element and an XPath expression can force Adobe Reader DC to write values past the end of an allocated object. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products
VAR-201607-0114 CVE-2016-4199 Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability CVE-2016-4191 , CVE-2016-4192 , CVE-2016-4193 , CVE-2016-4194 , CVE-2016-4195 , CVE-2016-4196 , CVE-2016-4197 , CVE-2016-4198 , CVE-2016-4200 , CVE-2016-4201 , CVE-2016-4202 , CVE-2016-4203 , CVE-2016-4204 , CVE-2016-4205 , CVE-2016-4206 , CVE-2016-4207 , CVE-2016-4208 , CVE-2016-4211 , CVE-2016-4212 , CVE-2016-4213 , CVE-2016-4214 , CVE-2016-4250 , CVE-2016-4251 , CVE-2016-4252 ,and CVE-2016-4254 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of XPath expressions. A PDF document with a specific "for-each" element and an XPath expression can force Adobe Reader DC to write values past the end of an allocated object. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe (Adobe) in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat DC is a set of desktop PDF solutions; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. Security flaws exist in several Adobe products