Sign-up

VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201607-0075 CVE-2016-4227 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248. This vulnerability CVE-2016-4173 , CVE-2016-4174 , CVE-2016-4222 , CVE-2016-4226 , CVE-2016-4228 , CVE-2016-4229 , CVE-2016-4230 , CVE-2016-4231 ,and CVE-2016-4248 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0076 CVE-2016-4228 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248. This vulnerability CVE-2016-4173 , CVE-2016-4174 , CVE-2016-4222 , CVE-2016-4226 , CVE-2016-4227 , CVE-2016-4229 , CVE-2016-4230 , CVE-2016-4231 ,and CVE-2016-4248 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0069 CVE-2016-4221 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0067 CVE-2016-4219 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0073 CVE-2016-4225 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224. This vulnerability CVE-2016-4223 and CVE-2016-4224 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-843:Access of Resource Using Incompatible Type ( Mixing of molds ) Has been identified. http://cwe.mitre.org/data/definitions/843.htmlUnspecified by attacker " Mixing of molds (type confusion)" May be used to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of AdBreakPlacement objects. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0071 CVE-2016-4223 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4224 and CVE-2016-4225. This vulnerability CVE-2016-4224 and CVE-2016-4225 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-843:Access of Resource Using Incompatible Type ( Mixing of molds ) Has been identified. http://cwe.mitre.org/data/definitions/843.htmlUnspecified by attacker " Mixing of molds (type confusion)" May be used to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of AdTimelineItem objects. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0072 CVE-2016-4224 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4225. This vulnerability CVE-2016-4223 and CVE-2016-4225 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-843:Access of Resource Using Incompatible Type ( Mixing of molds ) Has been identified. http://cwe.mitre.org/data/definitions/843.htmlUnspecified by attacker " Mixing of molds (type confusion)" May be used to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of DeleteRangeTimelineOperation objects. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0068 CVE-2016-4220 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0070 CVE-2016-4222 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248. This vulnerability CVE-2016-4173 , CVE-2016-4174 , CVE-2016-4226 , CVE-2016-4227 , CVE-2016-4228 , CVE-2016-4229 , CVE-2016-4230 , CVE-2016-4231 ,and CVE-2016-4248 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PrintJob objects. By setting the printAsBitmap property with a specific value, an attacker can cause a pointer to be reused after it has been freed. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0066 CVE-2016-4218 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0065 CVE-2016-4217 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "www-plugins/adobe-flash-11.2.202.632" References ========== [ 1 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 2 ] CVE-2016-4217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4217 [ 3 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 4 ] CVE-2016-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4218 [ 5 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 6 ] CVE-2016-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4219 [ 7 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 8 ] CVE-2016-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4220 [ 9 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 10 ] CVE-2016-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4221 [ 11 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 12 ] CVE-2016-4222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4222 [ 13 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 14 ] CVE-2016-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4223 [ 15 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 16 ] CVE-2016-4224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4224 [ 17 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 18 ] CVE-2016-4225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4225 [ 19 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 20 ] CVE-2016-4226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4226 [ 21 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 22 ] CVE-2016-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4227 [ 23 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 24 ] CVE-2016-4228 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4228 [ 25 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 26 ] CVE-2016-4229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4229 [ 27 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 28 ] CVE-2016-4230 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4230 [ 29 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 30 ] CVE-2016-4231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4231 [ 31 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 32 ] CVE-2016-4232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4232 [ 33 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 34 ] CVE-2016-4233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4233 [ 35 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 36 ] CVE-2016-4234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4234 [ 37 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 38 ] CVE-2016-4235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4235 [ 39 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 40 ] CVE-2016-4236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4236 [ 41 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 42 ] CVE-2016-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4237 [ 43 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 44 ] CVE-2016-4238 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4238 [ 45 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 46 ] CVE-2016-4239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4239 [ 47 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 48 ] CVE-2016-4240 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4240 [ 49 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 50 ] CVE-2016-4241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4241 [ 51 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 52 ] CVE-2016-4242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4242 [ 53 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 54 ] CVE-2016-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4243 [ 55 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 56 ] CVE-2016-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4244 [ 57 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 58 ] CVE-2016-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4245 [ 59 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 60 ] CVE-2016-4246 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4246 [ 61 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 62 ] CVE-2016-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4247 [ 63 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 64 ] CVE-2016-4248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4248 [ 65 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 [ 66 ] CVE-2016-4249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4249 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201607-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201607-0096 CVE-2016-4181 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1423-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1423 Issue date: 2016-07-13 CVE Names: CVE-2016-4172 CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4180 CVE-2016-4181 CVE-2016-4182 CVE-2016-4183 CVE-2016-4184 CVE-2016-4185 CVE-2016-4186 CVE-2016-4187 CVE-2016-4188 CVE-2016-4189 CVE-2016-4190 CVE-2016-4217 CVE-2016-4218 CVE-2016-4219 CVE-2016-4220 CVE-2016-4221 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4233 CVE-2016-4234 CVE-2016-4235 CVE-2016-4236 CVE-2016-4237 CVE-2016-4238 CVE-2016-4239 CVE-2016-4240 CVE-2016-4241 CVE-2016-4242 CVE-2016-4243 CVE-2016-4244 CVE-2016-4245 CVE-2016-4246 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1355971 - flash-plugin: multiple code execution issues fixed in APSB16-25 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.632-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.632-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.632-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.632-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4172 https://access.redhat.com/security/cve/CVE-2016-4173 https://access.redhat.com/security/cve/CVE-2016-4174 https://access.redhat.com/security/cve/CVE-2016-4175 https://access.redhat.com/security/cve/CVE-2016-4176 https://access.redhat.com/security/cve/CVE-2016-4177 https://access.redhat.com/security/cve/CVE-2016-4178 https://access.redhat.com/security/cve/CVE-2016-4179 https://access.redhat.com/security/cve/CVE-2016-4180 https://access.redhat.com/security/cve/CVE-2016-4181 https://access.redhat.com/security/cve/CVE-2016-4182 https://access.redhat.com/security/cve/CVE-2016-4183 https://access.redhat.com/security/cve/CVE-2016-4184 https://access.redhat.com/security/cve/CVE-2016-4185 https://access.redhat.com/security/cve/CVE-2016-4186 https://access.redhat.com/security/cve/CVE-2016-4187 https://access.redhat.com/security/cve/CVE-2016-4188 https://access.redhat.com/security/cve/CVE-2016-4189 https://access.redhat.com/security/cve/CVE-2016-4190 https://access.redhat.com/security/cve/CVE-2016-4217 https://access.redhat.com/security/cve/CVE-2016-4218 https://access.redhat.com/security/cve/CVE-2016-4219 https://access.redhat.com/security/cve/CVE-2016-4220 https://access.redhat.com/security/cve/CVE-2016-4221 https://access.redhat.com/security/cve/CVE-2016-4222 https://access.redhat.com/security/cve/CVE-2016-4223 https://access.redhat.com/security/cve/CVE-2016-4224 https://access.redhat.com/security/cve/CVE-2016-4225 https://access.redhat.com/security/cve/CVE-2016-4226 https://access.redhat.com/security/cve/CVE-2016-4227 https://access.redhat.com/security/cve/CVE-2016-4228 https://access.redhat.com/security/cve/CVE-2016-4229 https://access.redhat.com/security/cve/CVE-2016-4230 https://access.redhat.com/security/cve/CVE-2016-4231 https://access.redhat.com/security/cve/CVE-2016-4232 https://access.redhat.com/security/cve/CVE-2016-4233 https://access.redhat.com/security/cve/CVE-2016-4234 https://access.redhat.com/security/cve/CVE-2016-4235 https://access.redhat.com/security/cve/CVE-2016-4236 https://access.redhat.com/security/cve/CVE-2016-4237 https://access.redhat.com/security/cve/CVE-2016-4238 https://access.redhat.com/security/cve/CVE-2016-4239 https://access.redhat.com/security/cve/CVE-2016-4240 https://access.redhat.com/security/cve/CVE-2016-4241 https://access.redhat.com/security/cve/CVE-2016-4242 https://access.redhat.com/security/cve/CVE-2016-4243 https://access.redhat.com/security/cve/CVE-2016-4244 https://access.redhat.com/security/cve/CVE-2016-4245 https://access.redhat.com/security/cve/CVE-2016-4246 https://access.redhat.com/security/cve/CVE-2016-4247 https://access.redhat.com/security/cve/CVE-2016-4248 https://access.redhat.com/security/cve/CVE-2016-4249 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-25.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXho6cXlSAg2UNWIIRAp9tAKCwWeHDwGxx4MZRSsZtYsaP7bf+8ACcCmVr 3PPWGTqHtaFvIBLqaCpxcMk= =uyDE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201608-0489 No CVE Unknown vulnerabilities in multiple Hitachi products CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hitachi Device Manager is a set of mobile device management software; Replication Manager is a set of data replication software that simplifies Hitachi storage systems. Multiple Hitachi products have security vulnerabilities that allow attackers to use this vulnerability to obtain sensitive information or launch further attacks
VAR-201607-0426 CVE-2016-1445 Cisco Adaptive Security Appliance In software ICMP Echo Reply ACL Vulnerability to avoid CVSS V2: 4.3
CVSS V3: 5.3
Severity: MEDIUM
Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlThrough processing on subtypes by a third party, ICMP Echo Reply ACL May be avoided. Remote attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCuy25163
VAR-201612-0027 CVE-2016-5647 Windows Intel running on Graphics driver igdkmd64 Service disruption in modules (DoS) Vulnerabilities CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash) or gain privileges via a crafted D3DKMTEscape request. Intel HD Graphics Windows Kernel Driver is prone to a local arbitrary code-execution vulnerability. A local attacker can exploit this issue to execute arbitrary code or gain elevated privileges. Intel HD Graphics Windows Kernel Driver 10.18.14.4264 is vulnerable
VAR-201609-0049 CVE-2016-6172 PowerDNS Authoritative Server Service disruption in (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: 6.8
Severity: MEDIUM
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response. Supplementary information : CWE Vulnerability type by CWE-400: Uncontrolled Resource Consumption ( Resource depletion ) Has been identified. Multiple DNS Servers are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users
VAR-201702-0036 CVE-2016-6171 Knot DNS Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: 8.6
Severity: HIGH
Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. Multiple DNS Servers are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users
VAR-201702-0037 CVE-2016-6173 NSD Service disruption in (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. Multiple DNS Servers are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users
VAR-201607-0379 CVE-2016-4503 Moxa Device Server Web Console Authentication Bypass Vulnerability CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value. MoxaDeviceServerWebConsole5232-N is a serial Ethernet device from Moxa. An authentication bypass vulnerability exists in the MoxaDeviceServerWebConsole5232-N release. An attacker could exploit the vulnerability to gain access to change settings and data on the target device. Moxa Device Server Web Console is prone to an authorization-bypass vulnerability. A remote attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. Moxa Device Server Web Console 5232-N is vulnerable; other versions may also be affected
VAR-201701-0423 CVE-2016-5822 Huawei OceanStor 5800 Denial of Service Vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets. HuaweiOceanStor5800 is a storage product for China's high-end storage applications. A denial of service vulnerability exists in the Huawei OceanStor 5800V3V300R002C10 release. Huawei OceanStor 5800 is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a high CPU consumption, resulting in a denial-of-service condition