VARIoT IoT vulnerabilities database
| VAR-201609-0027 | CVE-2016-1279 | Juniper Junos OS J-Web sensitive information disclosure vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, and 15.1R before 15.1R3 might allow remote attackers to obtain sensitive information and consequently gain administrative privileges via unspecified vectors. Juniper Junos is prone to a remote privilege-escalation vulnerability.
An attacker can exploit this vulnerability to gain administrative privileges. Juniper Junos OS is the network operating system of Juniper Networks, dedicated to the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. J-Web is one of its network management tools. The following versions are affected: Juniper Junos OS prior to 12.1X46-D45, 12.1X46-D50, 12.1X47 prior to 12.1X47-D35, 12.3 prior to 12.3R12, 12.3X48 prior to 12.3X48-D25, 13.3 prior to 13.3R10, 13.3R9 prior to 13.3R9-S1, 14.1 prior to 14.1R7, 14.1X53 prior to 14.1X53-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1A2 or 15.1F4, 15.1X49 prior to 15.1X49-D30, and 15.1R prior to 15.1R3.
| VAR-201609-0028 | CVE-2016-1280 | Juniper Junos OS PKId certificate validation bypass vulnerability |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R7, 15.1 before 15.1R4, 15.1X49 before 15.1X49-D20, 15.1X53 before 15.1X53-D60, and 16.1 before 16.1R1 allow remote attackers to bypass an intended certificate validation mechanism via a self-signed certificate with an Issuer name that matches a valid CA certificate enrolled in Junos. Supplementary information: CWE vulnerability type CWE-297 (Improper Validation of Certificate with Host Mismatch) has been identified. Juniper Junos is prone to a security-bypass vulnerability.
Successfully exploiting this issue allows attackers to perform spoofing attacks and bypass certain security restrictions. Juniper Junos OS is the network operating system of Juniper Networks, dedicated to the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. The following versions are affected: Juniper Junos OS prior to 12.1X44-D52, 12.1X46 prior to 12.1X46-D37, 12.1X47 prior to 12.1X47-D30, 12.3 prior to 12.3R12, 12.3X48 prior to 12.3X48-D20, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.2 prior to 14.2R7, 15.1 prior to 15.1R4, 15.1X49 prior to 15.1X49-D20, 15.1X53 prior to 15.1X53-D60, and 16.1 prior to 16.1R1.
| VAR-201609-0026 | CVE-2016-1277 | Juniper Junos OS denial of service (DoS) vulnerability |
CVSS V2: 7.1 CVSS V3: 5.9 Severity: MEDIUM |
Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R6, 15.1 before 15.1F6 or 15.1R3, and 15.1X49 before 15.1X49-D40, when configured with a GRE or IPIP tunnel, allow remote attackers to cause a denial of service (kernel panic) via a crafted ICMP packet. Juniper Junos is prone to a denial-of-service vulnerability.
An attacker may exploit this issue to cause a kernel panic, resulting in a denial-of-service condition. Juniper Junos OS is the network operating system of Juniper Networks, dedicated to the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. The following versions are affected: Juniper Junos OS prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3X48 prior to 12.3X48-D30, 13.3 prior to 13.3R9, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.2 prior to 14.2R6, 15.1 prior to 15.1F6 or 15.1R3, and 15.1X49 prior to 15.1X49-D40.
| VAR-201609-0025 | CVE-2016-1275 | Juniper Junos OS mbuf sensitive information disclosure vulnerability |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
Juniper Junos OS before 13.3R9, 14.1R6 before 14.1R6-S1, and 14.1 before 14.1R7, when configured with VPLS routing-instances, allows remote attackers to obtain sensitive mbuf information by injecting a flood of Ethernet frames with IPv6 MAC addresses directly into a connected interface. Juniper Junos is prone to a denial-of-service vulnerability.
An attacker may exploit this issue to cause denial-of-service conditions. Juniper Junos OS is the network operating system of Juniper Networks, dedicated to the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. The following releases are affected: Juniper Junos OS prior to 13.3R9, 14.1R6 prior to 14.1R6-S1, and 14.1 prior to 14.1R7.
| VAR-201608-0004 | CVE-2016-1278 | Juniper Junos OS on SRX Series devices privilege escalation vulnerability |
CVSS V2: 6.9 CVSS V3: 7.8 Severity: HIGH |
Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option. Juniper Junos is prone to a local authentication-bypass vulnerability.
A local attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.
Juniper Junos versions 12.1X46 prior to 12.1X46-D50 are vulnerable. Juniper Junos OS on SRX Series devices is a network operating system developed by Juniper Networks that runs on SRX Series services gateway devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Junos OS prior to 12.1X46-D50 on SRX Series devices.
| VAR-201608-0003 | CVE-2016-1276 | Juniper Junos OS on High-End SRX Series chassis systems denial of service (DoS) vulnerability |
CVSS V2: 7.1 CVSS V3: 5.9 Severity: MEDIUM |
Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series chassis system with one or more Application Layer Gateways (ALGs) enabled allow remote attackers to cause a denial of service (CPU consumption, fab link failure, or flip-flop failovers) via vectors related to in-transit traffic matching ALG rules. Juniper Junos is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause denial-of-service conditions. Juniper Junos OS is the network operating system of Juniper Networks, dedicated to the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. The following releases are affected: Juniper Junos OS prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D23, 12.3X48 prior to 12.3X48-D25, and 15.1X49 prior to 15.1X49-D40.
| VAR-201704-0066 | CVE-2016-10311 | SAP NetWeaver stack-based buffer overflow vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. SAP NetWeaver contains a stack-based buffer overflow vulnerability. SAP NetWeaver is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed exploit attempts may result in a denial-of-service condition.
| VAR-201704-0088 | CVE-2016-10304 | SAP NetWeaver AS JAVA SAP EP-RUNTIME component denial of service (DoS) vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788. SAP NetWeaver is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
| VAR-201609-0330 | CVE-2016-4573 | Multiple Fortinet FortiSwitch FSW models authentication bypass vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account. Fortinet FortiSwitch devices are prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.
This issue is fixed in FortiSwitch 3.4.2. Fortinet FortiSwitch is a security switching platform from Fortinet, designed for Ethernet infrastructure and current network edge configurations. Security flaws exist in several Fortinet products. The following products are affected when in FortiLink managed mode and upgraded to version 3.4.1: Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models.
| VAR-201607-0454 | CVE-2016-5787 | General Electric Digital Proficy HMI/SCADA - CIMPLICITY service configuration modification vulnerability (related entries in the VARIoT exploits database: VAR-E-201607-0413) |
CVSS V2: 4.6 CVSS V3: 6.3 Severity: MEDIUM |
General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. Supplementary information: CWE vulnerability type CWE-284 (Improper Access Control) has been identified (http://cwe.mitre.org/data/definitions/284.html). Service settings may be changed by local users. GE Proficy HMI SCADA CIMPLICITY is a client/server based HMI/SCADA solution. GE Proficy HMI SCADA CIMPLICITY has a security vulnerability that a local attacker can exploit to gain elevated privileges. This may aid in further attacks.
GE Proficy HMI SCADA CIMPLICITY 8.2 SIM 26 and prior are vulnerable.
| VAR-201607-0529 | CVE-2016-4255 | Adobe Reader and Acrobat on Windows and Mac OS X arbitrary code execution vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Supplementary information: CWE vulnerability type CWE-416 (Use After Free) has been identified (http://cwe.mitre.org/data/definitions/416.html). An attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within FlateDecode. A specially crafted PDF with a specific FlateDecode stream can force a dangling pointer to be reused after it has been freed. Failed attacks may cause a denial-of-service condition. The title has been changed to better reflect the underlying component affected. Adobe Reader, Acrobat and Acrobat Reader DC are products of Adobe in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF files. A use-after-free vulnerability exists in several Adobe products.
| VAR-201607-0528 | CVE-2016-4254 | Adobe Reader and Acrobat on Windows and Mac OS X arbitrary code execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, and CVE-2016-4252. This vulnerability is distinct from the CVEs listed above. An attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, Acrobat and Acrobat Reader DC are products of Adobe in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF files. A use-after-free vulnerability exists in several Adobe products.
| VAR-201607-0527 | CVE-2016-4252 | Adobe Reader and Acrobat on Windows and Mac OS X arbitrary code execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, and CVE-2016-4254. This vulnerability is distinct from the CVEs listed above. An attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, Acrobat and Acrobat Reader DC are products of Adobe in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF files. A use-after-free vulnerability exists in several Adobe products.
| VAR-201607-0526 | CVE-2016-4251 | Adobe Reader and Acrobat on Windows and Mac OS X arbitrary code execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4252, and CVE-2016-4254. This vulnerability is distinct from the CVEs listed above. An attacker could execute arbitrary code or cause a denial of service (memory corruption). This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlateDecode streams. A crafted FlateDecode stream can trigger a read past the end of an allocated buffer. Failed attacks may cause a denial-of-service condition. Adobe Reader, Acrobat and Acrobat Reader DC are products of Adobe in the United States.
Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF files. A use-after-free vulnerability exists in several Adobe products.
| VAR-201607-0525 | CVE-2016-4250 | Adobe Reader and Acrobat on Windows and Mac OS X arbitrary code execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. This vulnerability is distinct from the CVEs listed above. An attacker could execute arbitrary code or cause a denial of service (memory corruption).
Attackers can exploit these issues to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Adobe Reader, Acrobat and Acrobat Reader DC are products of Adobe in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF files. A use-after-free vulnerability exists in several Adobe products.
| VAR-201607-0524 | CVE-2016-4249 | Adobe Flash Player heap-based buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors.
Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632"
References
==========
[ 1 ] CVE-2016-4217
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217
[ 2 ] CVE-2016-4218
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218
[ 3 ] CVE-2016-4219
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219
[ 4 ] CVE-2016-4220
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220
[ 5 ] CVE-2016-4221
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221
[ 6 ] CVE-2016-4222
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222
[ 7 ] CVE-2016-4223
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223
[ 8 ] CVE-2016-4224
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224
[ 9 ] CVE-2016-4225
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225
[ 10 ] CVE-2016-4226
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226
[ 11 ] CVE-2016-4227
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227
[ 12 ] CVE-2016-4228
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228
[ 13 ] CVE-2016-4229
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229
[ 14 ] CVE-2016-4230
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230
[ 15 ] CVE-2016-4231
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231
[ 16 ] CVE-2016-4232
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232
[ 17 ] CVE-2016-4233
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233
[ 18 ] CVE-2016-4234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234
[ 19 ] CVE-2016-4235
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235
[ 20 ] CVE-2016-4236
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236
[ 21 ] CVE-2016-4237
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237
[ 22 ] CVE-2016-4238
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238
[ 23 ] CVE-2016-4239
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239
[ 24 ] CVE-2016-4240
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240
[ 25 ] CVE-2016-4241
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241
[ 26 ] CVE-2016-4242
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242
[ 27 ] CVE-2016-4243
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243
[ 28 ] CVE-2016-4244
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244
[ 29 ] CVE-2016-4245
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245
[ 30 ] CVE-2016-4246
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246
[ 31 ] CVE-2016-4247
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247
[ 32 ] CVE-2016-4248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248
[ 33 ] CVE-2016-4249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-03
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:1423-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423
Issue date: 2016-07-13
CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174
CVE-2016-4175 CVE-2016-4176 CVE-2016-4177
CVE-2016-4178 CVE-2016-4179 CVE-2016-4180
CVE-2016-4181 CVE-2016-4182 CVE-2016-4183
CVE-2016-4184 CVE-2016-4185 CVE-2016-4186
CVE-2016-4187 CVE-2016-4188 CVE-2016-4189
CVE-2016-4190 CVE-2016-4217 CVE-2016-4218
CVE-2016-4219 CVE-2016-4220 CVE-2016-4221
CVE-2016-4222 CVE-2016-4223 CVE-2016-4224
CVE-2016-4225 CVE-2016-4226 CVE-2016-4227
CVE-2016-4228 CVE-2016-4229 CVE-2016-4230
CVE-2016-4231 CVE-2016-4232 CVE-2016-4233
CVE-2016-4234 CVE-2016-4235 CVE-2016-4236
CVE-2016-4237 CVE-2016-4238 CVE-2016-4239
CVE-2016-4240 CVE-2016-4241 CVE-2016-4242
CVE-2016-4243 CVE-2016-4244 CVE-2016-4245
CVE-2016-4246 CVE-2016-4247 CVE-2016-4248
CVE-2016-4249
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
This update upgrades Flash Player to version 11.2.202.632. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174,
CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179,
CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184,
CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189,
CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220,
CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225,
CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230,
CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235,
CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240,
CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245,
CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.632-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.632-1.el5_11.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.632-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.632-1.el5_11.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4172
https://access.redhat.com/security/cve/CVE-2016-4173
https://access.redhat.com/security/cve/CVE-2016-4174
https://access.redhat.com/security/cve/CVE-2016-4175
https://access.redhat.com/security/cve/CVE-2016-4176
https://access.redhat.com/security/cve/CVE-2016-4177
https://access.redhat.com/security/cve/CVE-2016-4178
https://access.redhat.com/security/cve/CVE-2016-4179
https://access.redhat.com/security/cve/CVE-2016-4180
https://access.redhat.com/security/cve/CVE-2016-4181
https://access.redhat.com/security/cve/CVE-2016-4182
https://access.redhat.com/security/cve/CVE-2016-4183
https://access.redhat.com/security/cve/CVE-2016-4184
https://access.redhat.com/security/cve/CVE-2016-4185
https://access.redhat.com/security/cve/CVE-2016-4186
https://access.redhat.com/security/cve/CVE-2016-4187
https://access.redhat.com/security/cve/CVE-2016-4188
https://access.redhat.com/security/cve/CVE-2016-4189
https://access.redhat.com/security/cve/CVE-2016-4190
https://access.redhat.com/security/cve/CVE-2016-4217
https://access.redhat.com/security/cve/CVE-2016-4218
https://access.redhat.com/security/cve/CVE-2016-4219
https://access.redhat.com/security/cve/CVE-2016-4220
https://access.redhat.com/security/cve/CVE-2016-4221
https://access.redhat.com/security/cve/CVE-2016-4222
https://access.redhat.com/security/cve/CVE-2016-4223
https://access.redhat.com/security/cve/CVE-2016-4224
https://access.redhat.com/security/cve/CVE-2016-4225
https://access.redhat.com/security/cve/CVE-2016-4226
https://access.redhat.com/security/cve/CVE-2016-4227
https://access.redhat.com/security/cve/CVE-2016-4228
https://access.redhat.com/security/cve/CVE-2016-4229
https://access.redhat.com/security/cve/CVE-2016-4230
https://access.redhat.com/security/cve/CVE-2016-4231
https://access.redhat.com/security/cve/CVE-2016-4232
https://access.redhat.com/security/cve/CVE-2016-4233
https://access.redhat.com/security/cve/CVE-2016-4234
https://access.redhat.com/security/cve/CVE-2016-4235
https://access.redhat.com/security/cve/CVE-2016-4236
https://access.redhat.com/security/cve/CVE-2016-4237
https://access.redhat.com/security/cve/CVE-2016-4238
https://access.redhat.com/security/cve/CVE-2016-4239
https://access.redhat.com/security/cve/CVE-2016-4240
https://access.redhat.com/security/cve/CVE-2016-4241
https://access.redhat.com/security/cve/CVE-2016-4242
https://access.redhat.com/security/cve/CVE-2016-4243
https://access.redhat.com/security/cve/CVE-2016-4244
https://access.redhat.com/security/cve/CVE-2016-4245
https://access.redhat.com/security/cve/CVE-2016-4246
https://access.redhat.com/security/cve/CVE-2016-4247
https://access.redhat.com/security/cve/CVE-2016-4248
https://access.redhat.com/security/cve/CVE-2016-4249
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-25.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201607-0523 | CVE-2016-4248 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, and CVE-2016-4231. This vulnerability is distinct from CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, and CVE-2016-4231. Supplementary information: the vulnerability type has been identified as CWE-416: Use After Free (use of freed memory), http://cwe.mitre.org/data/definitions/416.html. An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632"
References
==========
[ 1 ] CVE-2016-4217
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217
[ 2 ] CVE-2016-4218
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218
[ 3 ] CVE-2016-4219
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219
[ 4 ] CVE-2016-4220
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220
[ 5 ] CVE-2016-4221
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221
[ 6 ] CVE-2016-4222
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222
[ 7 ] CVE-2016-4223
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223
[ 8 ] CVE-2016-4224
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224
[ 9 ] CVE-2016-4225
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225
[ 10 ] CVE-2016-4226
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226
[ 11 ] CVE-2016-4227
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227
[ 12 ] CVE-2016-4228
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228
[ 13 ] CVE-2016-4229
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229
[ 14 ] CVE-2016-4230
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230
[ 15 ] CVE-2016-4231
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231
[ 16 ] CVE-2016-4232
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232
[ 17 ] CVE-2016-4233
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233
[ 18 ] CVE-2016-4234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234
[ 19 ] CVE-2016-4235
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235
[ 20 ] CVE-2016-4236
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236
[ 21 ] CVE-2016-4237
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237
[ 22 ] CVE-2016-4238
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238
[ 23 ] CVE-2016-4239
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239
[ 24 ] CVE-2016-4240
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240
[ 25 ] CVE-2016-4241
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241
[ 26 ] CVE-2016-4242
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242
[ 27 ] CVE-2016-4243
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243
[ 28 ] CVE-2016-4244
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244
[ 29 ] CVE-2016-4245
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245
[ 30 ] CVE-2016-4246
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246
[ 31 ] CVE-2016-4247
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247
[ 32 ] CVE-2016-4248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248
[ 33 ] CVE-2016-4249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-03
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:1423-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423
Issue date: 2016-07-13
CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174
CVE-2016-4175 CVE-2016-4176 CVE-2016-4177
CVE-2016-4178 CVE-2016-4179 CVE-2016-4180
CVE-2016-4181 CVE-2016-4182 CVE-2016-4183
CVE-2016-4184 CVE-2016-4185 CVE-2016-4186
CVE-2016-4187 CVE-2016-4188 CVE-2016-4189
CVE-2016-4190 CVE-2016-4217 CVE-2016-4218
CVE-2016-4219 CVE-2016-4220 CVE-2016-4221
CVE-2016-4222 CVE-2016-4223 CVE-2016-4224
CVE-2016-4225 CVE-2016-4226 CVE-2016-4227
CVE-2016-4228 CVE-2016-4229 CVE-2016-4230
CVE-2016-4231 CVE-2016-4232 CVE-2016-4233
CVE-2016-4234 CVE-2016-4235 CVE-2016-4236
CVE-2016-4237 CVE-2016-4238 CVE-2016-4239
CVE-2016-4240 CVE-2016-4241 CVE-2016-4242
CVE-2016-4243 CVE-2016-4244 CVE-2016-4245
CVE-2016-4246 CVE-2016-4247 CVE-2016-4248
CVE-2016-4249
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.632. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174,
CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179,
CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184,
CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189,
CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220,
CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225,
CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230,
CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235,
CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240,
CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245,
CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.632-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.632-1.el5_11.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.632-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.632-1.el5_11.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.632-1.el6_8.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4172
https://access.redhat.com/security/cve/CVE-2016-4173
https://access.redhat.com/security/cve/CVE-2016-4174
https://access.redhat.com/security/cve/CVE-2016-4175
https://access.redhat.com/security/cve/CVE-2016-4176
https://access.redhat.com/security/cve/CVE-2016-4177
https://access.redhat.com/security/cve/CVE-2016-4178
https://access.redhat.com/security/cve/CVE-2016-4179
https://access.redhat.com/security/cve/CVE-2016-4180
https://access.redhat.com/security/cve/CVE-2016-4181
https://access.redhat.com/security/cve/CVE-2016-4182
https://access.redhat.com/security/cve/CVE-2016-4183
https://access.redhat.com/security/cve/CVE-2016-4184
https://access.redhat.com/security/cve/CVE-2016-4185
https://access.redhat.com/security/cve/CVE-2016-4186
https://access.redhat.com/security/cve/CVE-2016-4187
https://access.redhat.com/security/cve/CVE-2016-4188
https://access.redhat.com/security/cve/CVE-2016-4189
https://access.redhat.com/security/cve/CVE-2016-4190
https://access.redhat.com/security/cve/CVE-2016-4217
https://access.redhat.com/security/cve/CVE-2016-4218
https://access.redhat.com/security/cve/CVE-2016-4219
https://access.redhat.com/security/cve/CVE-2016-4220
https://access.redhat.com/security/cve/CVE-2016-4221
https://access.redhat.com/security/cve/CVE-2016-4222
https://access.redhat.com/security/cve/CVE-2016-4223
https://access.redhat.com/security/cve/CVE-2016-4224
https://access.redhat.com/security/cve/CVE-2016-4225
https://access.redhat.com/security/cve/CVE-2016-4226
https://access.redhat.com/security/cve/CVE-2016-4227
https://access.redhat.com/security/cve/CVE-2016-4228
https://access.redhat.com/security/cve/CVE-2016-4229
https://access.redhat.com/security/cve/CVE-2016-4230
https://access.redhat.com/security/cve/CVE-2016-4231
https://access.redhat.com/security/cve/CVE-2016-4232
https://access.redhat.com/security/cve/CVE-2016-4233
https://access.redhat.com/security/cve/CVE-2016-4234
https://access.redhat.com/security/cve/CVE-2016-4235
https://access.redhat.com/security/cve/CVE-2016-4236
https://access.redhat.com/security/cve/CVE-2016-4237
https://access.redhat.com/security/cve/CVE-2016-4238
https://access.redhat.com/security/cve/CVE-2016-4239
https://access.redhat.com/security/cve/CVE-2016-4240
https://access.redhat.com/security/cve/CVE-2016-4241
https://access.redhat.com/security/cve/CVE-2016-4242
https://access.redhat.com/security/cve/CVE-2016-4243
https://access.redhat.com/security/cve/CVE-2016-4244
https://access.redhat.com/security/cve/CVE-2016-4245
https://access.redhat.com/security/cve/CVE-2016-4246
https://access.redhat.com/security/cve/CVE-2016-4247
https://access.redhat.com/security/cve/CVE-2016-4248
https://access.redhat.com/security/cve/CVE-2016-4249
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-25.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
| VAR-201607-0521 | CVE-2016-4246 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, and CVE-2016-4245.
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers.
| VAR-201607-0522 | CVE-2016-4247 | Adobe Flash Player Vulnerability in which important information is obtained |
CVSS V2: 2.6 CVSS V3: 5.3 Severity: MEDIUM |
Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information via unspecified vectors.
Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632"
References
==========
[ 1 ] CVE-2016-4217
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217
[ 2 ] CVE-2016-4218
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218
[ 3 ] CVE-2016-4219
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219
[ 4 ] CVE-2016-4220
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220
[ 5 ] CVE-2016-4221
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221
[ 6 ] CVE-2016-4222
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222
[ 7 ] CVE-2016-4223
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223
[ 8 ] CVE-2016-4224
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224
[ 9 ] CVE-2016-4225
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225
[ 10 ] CVE-2016-4226
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226
[ 11 ] CVE-2016-4227
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227
[ 12 ] CVE-2016-4228
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228
[ 13 ] CVE-2016-4229
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229
[ 14 ] CVE-2016-4230
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230
[ 15 ] CVE-2016-4231
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231
[ 16 ] CVE-2016-4232
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232
[ 17 ] CVE-2016-4233
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233
[ 18 ] CVE-2016-4234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234
[ 19 ] CVE-2016-4235
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235
[ 20 ] CVE-2016-4236
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236
[ 21 ] CVE-2016-4237
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237
[ 22 ] CVE-2016-4238
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238
[ 23 ] CVE-2016-4239
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239
[ 24 ] CVE-2016-4240
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240
[ 25 ] CVE-2016-4241
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241
[ 26 ] CVE-2016-4242
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242
[ 27 ] CVE-2016-4243
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243
[ 28 ] CVE-2016-4244
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244
[ 29 ] CVE-2016-4245
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245
[ 30 ] CVE-2016-4246
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246
[ 31 ] CVE-2016-4247
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247
[ 32 ] CVE-2016-4248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248
[ 33 ] CVE-2016-4249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-03
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Hi @ll,
the executable installers of Flash Player released 2016-06-15
fixed CVE-2016-1014 in the second attempt, but another vulnerability
remained: they create(d) and use(d) UNSAFE temporary subdirectories
into which they copy/ied themselves and extract(ed) a file "fpb.tmp"
which they load(ed) and execute(d) later with elevated privileges.
An unprivileged user can/could overwrite both files between creation
and execution and gain elevation of privilege.
See <https://cwe.mitre.org/data/definitions/379.html> for this type
of well-known and well-documented vulnerability!
stay tuned
Stefan Kanthak
Timeline:
~~~~~~~~~
2016-03-12 initial report sent to Adobe PSIRT
2016-03-13 Adobe PSIRT acknowledges vulnerability and assigns
PSIRT-4904
2016-04-06 Adobe PSIRT informs about CVE assigned and upcoming
fix scheduled for release later that week
2016-04-17 notification sent to Adobe PSIRT: fix is incomplete,
vulnerability persists
2016-04-17 Adobe PSIRT acknowledges receipt of second report
2016-04-17 Adobe PSIRT acknowledges vulnerability ... again
2016-06-17 Adobe released fixed Flash Player (un)installers,
report for CVE-2016-1014 published
2016-06-17 new report sent to Adobe PSIRT: unsafe TEMP
directory allows escalation of privilege
2016-06-17 Adobe PSIRT acknowledges receipt
2016-06-17 Adobe PSIRT acknowledges vulnerability and assigns
PSIRT-5480
2016-07-10 Adobe PSIRT informs about CVE assigned and upcoming
fix scheduled for release later this week
2016-07-12 Adobe released fixed Flash Player (un)installers,
report for CVE-2016-4247 published
| VAR-201607-0518 | CVE-2016-4243 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632"
References
==========
[ 1 ] CVE-2016-4217
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217
[ 2 ] CVE-2016-4218
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218
[ 3 ] CVE-2016-4219
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219
[ 4 ] CVE-2016-4220
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220
[ 5 ] CVE-2016-4221
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221
[ 6 ] CVE-2016-4222
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222
[ 7 ] CVE-2016-4223
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223
[ 8 ] CVE-2016-4224
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224
[ 9 ] CVE-2016-4225
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225
[ 10 ] CVE-2016-4226
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226
[ 11 ] CVE-2016-4227
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227
[ 12 ] CVE-2016-4228
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228
[ 13 ] CVE-2016-4229
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229
[ 14 ] CVE-2016-4230
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230
[ 15 ] CVE-2016-4231
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231
[ 16 ] CVE-2016-4232
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232
[ 17 ] CVE-2016-4233
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233
[ 18 ] CVE-2016-4234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234
[ 19 ] CVE-2016-4235
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235
[ 20 ] CVE-2016-4236
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236
[ 21 ] CVE-2016-4237
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237
[ 22 ] CVE-2016-4238
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238
[ 23 ] CVE-2016-4239
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239
[ 24 ] CVE-2016-4240
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240
[ 25 ] CVE-2016-4241
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241
[ 26 ] CVE-2016-4242
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242
[ 27 ] CVE-2016-4243
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243
[ 28 ] CVE-2016-4244
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244
[ 29 ] CVE-2016-4245
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245
[ 30 ] CVE-2016-4246
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246
[ 31 ] CVE-2016-4247
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247
[ 32 ] CVE-2016-4248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248
[ 33 ] CVE-2016-4249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-03
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5