VARIoT IoT vulnerabilities database
| VAR-201604-0517 | CVE-2016-1015 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified "type confusion," a different vulnerability than CVE-2016-1019. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NetConnection objects. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:0610-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0610.html
Issue date: 2016-04-08
CVE Names: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012
CVE-2016-1013 CVE-2016-1014 CVE-2016-1015
CVE-2016-1016 CVE-2016-1017 CVE-2016-1018
CVE-2016-1019 CVE-2016-1020 CVE-2016-1021
CVE-2016-1022 CVE-2016-1023 CVE-2016-1024
CVE-2016-1025 CVE-2016-1026 CVE-2016-1027
CVE-2016-1028 CVE-2016-1029 CVE-2016-1030
CVE-2016-1031 CVE-2016-1032 CVE-2016-1033
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
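3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.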
This update upgrades Flash Player to version 11.2.202.616. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-1006, CVE-2016-1011, CVE-2016-1012,
CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,
CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,
CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027,
CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032,
CVE-2016-1033)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1324353 - flash-plugin: multiple code execution issues fixed in APSB16-10
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-1006
https://access.redhat.com/security/cve/CVE-2016-1011
https://access.redhat.com/security/cve/CVE-2016-1012
https://access.redhat.com/security/cve/CVE-2016-1013
https://access.redhat.com/security/cve/CVE-2016-1014
https://access.redhat.com/security/cve/CVE-2016-1015
https://access.redhat.com/security/cve/CVE-2016-1016
https://access.redhat.com/security/cve/CVE-2016-1017
https://access.redhat.com/security/cve/CVE-2016-1018
https://access.redhat.com/security/cve/CVE-2016-1019
https://access.redhat.com/security/cve/CVE-2016-1020
https://access.redhat.com/security/cve/CVE-2016-1021
https://access.redhat.com/security/cve/CVE-2016-1022
https://access.redhat.com/security/cve/CVE-2016-1023
https://access.redhat.com/security/cve/CVE-2016-1024
https://access.redhat.com/security/cve/CVE-2016-1025
https://access.redhat.com/security/cve/CVE-2016-1026
https://access.redhat.com/security/cve/CVE-2016-1027
https://access.redhat.com/security/cve/CVE-2016-1028
https://access.redhat.com/security/cve/CVE-2016-1029
https://access.redhat.com/security/cve/CVE-2016-1030
https://access.redhat.com/security/cve/CVE-2016-1031
https://access.redhat.com/security/cve/CVE-2016-1032
https://access.redhat.com/security/cve/CVE-2016-1033
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
| VAR-201604-0168 | CVE-2016-1026 | Adobe Flash Player Vulnerabilities in arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:0610-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0610.html
Issue date: 2016-04-08
CVE Names: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012
CVE-2016-1013 CVE-2016-1014 CVE-2016-1015
CVE-2016-1016 CVE-2016-1017 CVE-2016-1018
CVE-2016-1019 CVE-2016-1020 CVE-2016-1021
CVE-2016-1022 CVE-2016-1023 CVE-2016-1024
CVE-2016-1025 CVE-2016-1026 CVE-2016-1027
CVE-2016-1028 CVE-2016-1029 CVE-2016-1030
CVE-2016-1031 CVE-2016-1032 CVE-2016-1033
=====================================================================
| VAR-201604-0166 | CVE-2016-1030 | Adobe Flash Player Vulnerable to access restrictions |
CVSS V2: 5.8 CVSS V3: 8.1 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:0610-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0610.html
Issue date: 2016-04-08
CVE Names: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012
CVE-2016-1013 CVE-2016-1014 CVE-2016-1015
CVE-2016-1016 CVE-2016-1017 CVE-2016-1018
CVE-2016-1019 CVE-2016-1020 CVE-2016-1021
CVE-2016-1022 CVE-2016-1023 CVE-2016-1024
CVE-2016-1025 CVE-2016-1026 CVE-2016-1027
CVE-2016-1028 CVE-2016-1029 CVE-2016-1030
CVE-2016-1031 CVE-2016-1032 CVE-2016-1033
=====================================================================
| VAR-201604-0167 | CVE-2016-1025 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:0610-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0610.html
Issue date: 2016-04-08
CVE Names: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012
CVE-2016-1013 CVE-2016-1014 CVE-2016-1015
CVE-2016-1016 CVE-2016-1017 CVE-2016-1018
CVE-2016-1019 CVE-2016-1020 CVE-2016-1021
CVE-2016-1022 CVE-2016-1023 CVE-2016-1024
CVE-2016-1025 CVE-2016-1026 CVE-2016-1027
CVE-2016-1028 CVE-2016-1029 CVE-2016-1030
CVE-2016-1031 CVE-2016-1032 CVE-2016-1033
=====================================================================
| VAR-201604-0164 | CVE-2016-1028 | Adobe Flash Player Vulnerabilities in arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:0610-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0610.html
Issue date: 2016-04-08
CVE Names: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012
CVE-2016-1013 CVE-2016-1014 CVE-2016-1015
CVE-2016-1016 CVE-2016-1017 CVE-2016-1018
CVE-2016-1019 CVE-2016-1020 CVE-2016-1021
CVE-2016-1022 CVE-2016-1023 CVE-2016-1024
CVE-2016-1025 CVE-2016-1026 CVE-2016-1027
CVE-2016-1028 CVE-2016-1029 CVE-2016-1030
CVE-2016-1031 CVE-2016-1032 CVE-2016-1033
=====================================================================
| VAR-201604-0165 | CVE-2016-1029 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1032, and CVE-2016-1033. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
| VAR-201604-0163 | CVE-2016-1027 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
| VAR-201604-0162 | CVE-2016-1021 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
| VAR-201604-0161 | CVE-2016-1020 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
| VAR-201604-0156 | CVE-2016-1018 | Adobe Flash Player Vulnerable to stack-based buffer overflow |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via crafted JPEG-XR data. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG-XR files. The issue lies in the failure to properly check that an index is within the bounds of a buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Failed attempts will likely cause a denial-of-service condition. The title has been changed to better reflect security impact and the vulnerability information. The product enables viewing of applications, content and video across screens and browsers.
| VAR-201604-0155 | CVE-2016-1017 | Arbitrary code execution vulnerability in the LoadVars.decode function of Adobe Flash Player |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031. The vulnerability type has been identified as CWE-416: Use-after-free (use of freed memory); see http://cwe.mitre.org/data/definitions/416.html. An attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of LoadVars.decode. The issue lies in the failure to safely hold a reference to arguments during execution of the function. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:0610-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0610.html
Issue date: 2016-04-08
CVE Names: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012
CVE-2016-1013 CVE-2016-1014 CVE-2016-1015
CVE-2016-1016 CVE-2016-1017 CVE-2016-1018
CVE-2016-1019 CVE-2016-1020 CVE-2016-1021
CVE-2016-1022 CVE-2016-1023 CVE-2016-1024
CVE-2016-1025 CVE-2016-1026 CVE-2016-1027
CVE-2016-1028 CVE-2016-1029 CVE-2016-1030
CVE-2016-1031 CVE-2016-1032 CVE-2016-1033
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.616. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-1006, CVE-2016-1011, CVE-2016-1012,
CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,
CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,
CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027,
CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032,
CVE-2016-1033)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1324353 - flash-plugin: multiple code execution issues fixed in APSB16-10
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-1006
https://access.redhat.com/security/cve/CVE-2016-1011
https://access.redhat.com/security/cve/CVE-2016-1012
https://access.redhat.com/security/cve/CVE-2016-1013
https://access.redhat.com/security/cve/CVE-2016-1014
https://access.redhat.com/security/cve/CVE-2016-1015
https://access.redhat.com/security/cve/CVE-2016-1016
https://access.redhat.com/security/cve/CVE-2016-1017
https://access.redhat.com/security/cve/CVE-2016-1018
https://access.redhat.com/security/cve/CVE-2016-1019
https://access.redhat.com/security/cve/CVE-2016-1020
https://access.redhat.com/security/cve/CVE-2016-1021
https://access.redhat.com/security/cve/CVE-2016-1022
https://access.redhat.com/security/cve/CVE-2016-1023
https://access.redhat.com/security/cve/CVE-2016-1024
https://access.redhat.com/security/cve/CVE-2016-1025
https://access.redhat.com/security/cve/CVE-2016-1026
https://access.redhat.com/security/cve/CVE-2016-1027
https://access.redhat.com/security/cve/CVE-2016-1028
https://access.redhat.com/security/cve/CVE-2016-1029
https://access.redhat.com/security/cve/CVE-2016-1030
https://access.redhat.com/security/cve/CVE-2016-1031
https://access.redhat.com/security/cve/CVE-2016-1032
https://access.redhat.com/security/cve/CVE-2016-1033
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
| VAR-201604-0152 | CVE-2016-1031 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1017. The vulnerability type has been identified as CWE-416: Use-after-free (use of freed memory); see http://cwe.mitre.org/data/definitions/416.html. An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:0610-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0610.html
Issue date: 2016-04-08
CVE Names: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012
CVE-2016-1013 CVE-2016-1014 CVE-2016-1015
CVE-2016-1016 CVE-2016-1017 CVE-2016-1018
CVE-2016-1019 CVE-2016-1020 CVE-2016-1021
CVE-2016-1022 CVE-2016-1023 CVE-2016-1024
CVE-2016-1025 CVE-2016-1026 CVE-2016-1027
CVE-2016-1028 CVE-2016-1029 CVE-2016-1030
CVE-2016-1031 CVE-2016-1032 CVE-2016-1033
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.616. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-1006, CVE-2016-1011, CVE-2016-1012,
CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,
CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,
CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027,
CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032,
CVE-2016-1033)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1324353 - flash-plugin: multiple code execution issues fixed in APSB16-10
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-1006
https://access.redhat.com/security/cve/CVE-2016-1011
https://access.redhat.com/security/cve/CVE-2016-1012
https://access.redhat.com/security/cve/CVE-2016-1013
https://access.redhat.com/security/cve/CVE-2016-1014
https://access.redhat.com/security/cve/CVE-2016-1015
https://access.redhat.com/security/cve/CVE-2016-1016
https://access.redhat.com/security/cve/CVE-2016-1017
https://access.redhat.com/security/cve/CVE-2016-1018
https://access.redhat.com/security/cve/CVE-2016-1019
https://access.redhat.com/security/cve/CVE-2016-1020
https://access.redhat.com/security/cve/CVE-2016-1021
https://access.redhat.com/security/cve/CVE-2016-1022
https://access.redhat.com/security/cve/CVE-2016-1023
https://access.redhat.com/security/cve/CVE-2016-1024
https://access.redhat.com/security/cve/CVE-2016-1025
https://access.redhat.com/security/cve/CVE-2016-1026
https://access.redhat.com/security/cve/CVE-2016-1027
https://access.redhat.com/security/cve/CVE-2016-1028
https://access.redhat.com/security/cve/CVE-2016-1029
https://access.redhat.com/security/cve/CVE-2016-1030
https://access.redhat.com/security/cve/CVE-2016-1031
https://access.redhat.com/security/cve/CVE-2016-1032
https://access.redhat.com/security/cve/CVE-2016-1033
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
| VAR-201604-0154 | CVE-2016-1033 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1032. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:0610-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0610.html
Issue date: 2016-04-08
CVE Names: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012
CVE-2016-1013 CVE-2016-1014 CVE-2016-1015
CVE-2016-1016 CVE-2016-1017 CVE-2016-1018
CVE-2016-1019 CVE-2016-1020 CVE-2016-1021
CVE-2016-1022 CVE-2016-1023 CVE-2016-1024
CVE-2016-1025 CVE-2016-1026 CVE-2016-1027
CVE-2016-1028 CVE-2016-1029 CVE-2016-1030
CVE-2016-1031 CVE-2016-1032 CVE-2016-1033
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.616. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-1006, CVE-2016-1011, CVE-2016-1012,
CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,
CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,
CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027,
CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032,
CVE-2016-1033)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1324353 - flash-plugin: multiple code execution issues fixed in APSB16-10
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-1006
https://access.redhat.com/security/cve/CVE-2016-1011
https://access.redhat.com/security/cve/CVE-2016-1012
https://access.redhat.com/security/cve/CVE-2016-1013
https://access.redhat.com/security/cve/CVE-2016-1014
https://access.redhat.com/security/cve/CVE-2016-1015
https://access.redhat.com/security/cve/CVE-2016-1016
https://access.redhat.com/security/cve/CVE-2016-1017
https://access.redhat.com/security/cve/CVE-2016-1018
https://access.redhat.com/security/cve/CVE-2016-1019
https://access.redhat.com/security/cve/CVE-2016-1020
https://access.redhat.com/security/cve/CVE-2016-1021
https://access.redhat.com/security/cve/CVE-2016-1022
https://access.redhat.com/security/cve/CVE-2016-1023
https://access.redhat.com/security/cve/CVE-2016-1024
https://access.redhat.com/security/cve/CVE-2016-1025
https://access.redhat.com/security/cve/CVE-2016-1026
https://access.redhat.com/security/cve/CVE-2016-1027
https://access.redhat.com/security/cve/CVE-2016-1028
https://access.redhat.com/security/cve/CVE-2016-1029
https://access.redhat.com/security/cve/CVE-2016-1030
https://access.redhat.com/security/cve/CVE-2016-1031
https://access.redhat.com/security/cve/CVE-2016-1032
https://access.redhat.com/security/cve/CVE-2016-1033
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
| VAR-201604-0153 | CVE-2016-1032 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1033. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:0610-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0610.html
Issue date: 2016-04-08
CVE Names: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012
CVE-2016-1013 CVE-2016-1014 CVE-2016-1015
CVE-2016-1016 CVE-2016-1017 CVE-2016-1018
CVE-2016-1019 CVE-2016-1020 CVE-2016-1021
CVE-2016-1022 CVE-2016-1023 CVE-2016-1024
CVE-2016-1025 CVE-2016-1026 CVE-2016-1027
CVE-2016-1028 CVE-2016-1029 CVE-2016-1030
CVE-2016-1031 CVE-2016-1032 CVE-2016-1033
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.616. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-1006, CVE-2016-1011, CVE-2016-1012,
CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,
CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,
CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027,
CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032,
CVE-2016-1033)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1324353 - flash-plugin: multiple code execution issues fixed in APSB16-10
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-1006
https://access.redhat.com/security/cve/CVE-2016-1011
https://access.redhat.com/security/cve/CVE-2016-1012
https://access.redhat.com/security/cve/CVE-2016-1013
https://access.redhat.com/security/cve/CVE-2016-1014
https://access.redhat.com/security/cve/CVE-2016-1015
https://access.redhat.com/security/cve/CVE-2016-1016
https://access.redhat.com/security/cve/CVE-2016-1017
https://access.redhat.com/security/cve/CVE-2016-1018
https://access.redhat.com/security/cve/CVE-2016-1019
https://access.redhat.com/security/cve/CVE-2016-1020
https://access.redhat.com/security/cve/CVE-2016-1021
https://access.redhat.com/security/cve/CVE-2016-1022
https://access.redhat.com/security/cve/CVE-2016-1023
https://access.redhat.com/security/cve/CVE-2016-1024
https://access.redhat.com/security/cve/CVE-2016-1025
https://access.redhat.com/security/cve/CVE-2016-1026
https://access.redhat.com/security/cve/CVE-2016-1027
https://access.redhat.com/security/cve/CVE-2016-1028
https://access.redhat.com/security/cve/CVE-2016-1029
https://access.redhat.com/security/cve/CVE-2016-1030
https://access.redhat.com/security/cve/CVE-2016-1031
https://access.redhat.com/security/cve/CVE-2016-1032
https://access.redhat.com/security/cve/CVE-2016-1033
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
| VAR-201604-0151 | CVE-2016-1024 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:0610-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0610.html
Issue date: 2016-04-08
CVE Names: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012
CVE-2016-1013 CVE-2016-1014 CVE-2016-1015
CVE-2016-1016 CVE-2016-1017 CVE-2016-1018
CVE-2016-1019 CVE-2016-1020 CVE-2016-1021
CVE-2016-1022 CVE-2016-1023 CVE-2016-1024
CVE-2016-1025 CVE-2016-1026 CVE-2016-1027
CVE-2016-1028 CVE-2016-1029 CVE-2016-1030
CVE-2016-1031 CVE-2016-1032 CVE-2016-1033
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.616. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-1006, CVE-2016-1011, CVE-2016-1012,
CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,
CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,
CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027,
CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032,
CVE-2016-1033)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1324353 - flash-plugin: multiple code execution issues fixed in APSB16-10
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-1006
https://access.redhat.com/security/cve/CVE-2016-1011
https://access.redhat.com/security/cve/CVE-2016-1012
https://access.redhat.com/security/cve/CVE-2016-1013
https://access.redhat.com/security/cve/CVE-2016-1014
https://access.redhat.com/security/cve/CVE-2016-1015
https://access.redhat.com/security/cve/CVE-2016-1016
https://access.redhat.com/security/cve/CVE-2016-1017
https://access.redhat.com/security/cve/CVE-2016-1018
https://access.redhat.com/security/cve/CVE-2016-1019
https://access.redhat.com/security/cve/CVE-2016-1020
https://access.redhat.com/security/cve/CVE-2016-1021
https://access.redhat.com/security/cve/CVE-2016-1022
https://access.redhat.com/security/cve/CVE-2016-1023
https://access.redhat.com/security/cve/CVE-2016-1024
https://access.redhat.com/security/cve/CVE-2016-1025
https://access.redhat.com/security/cve/CVE-2016-1026
https://access.redhat.com/security/cve/CVE-2016-1027
https://access.redhat.com/security/cve/CVE-2016-1028
https://access.redhat.com/security/cve/CVE-2016-1029
https://access.redhat.com/security/cve/CVE-2016-1030
https://access.redhat.com/security/cve/CVE-2016-1031
https://access.redhat.com/security/cve/CVE-2016-1032
https://access.redhat.com/security/cve/CVE-2016-1033
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
| VAR-201604-0150 | CVE-2016-1023 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
| VAR-201604-0149 | CVE-2016-1022 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
| VAR-201604-0278 | CVE-2016-2354 | Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access |
CVSS V2: 8.0 CVSS V3: 8.8 Severity: HIGH |
The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering. Lemur Vehicle Monitors BlueDriver LSB2 is a device that connects to the OBD2 port to provide information about vehicle performance. BlueDriver LSB2 does not require a PIN for Bluetooth access, so anyone within Bluetooth range of the vehicle can send arbitrary commands to the CAN (Controller Area Network) bus. Lack of authentication for critical functions (CWE-306) - CVE-2016-2354: CERT/CC confirmed that BlueDriver LSB2 does not require a PIN for Bluetooth access. Because of this issue, anyone within Bluetooth range can obtain OBD2 diagnostic information such as fuel consumption, trouble codes, speed, and displacement information. The attacker can also send arbitrary commands to the CAN (Controller Area Network) bus. Depending on the vehicle, attackers can affect steering and braking. CWE-306: Missing Authentication for Critical Function http://cwe.mitre.org/data/definitions/306.html In addition, the National Vulnerability Database (NVD) publishes this issue as CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html The attack must be carried out from within Bluetooth wireless range, but it is possible to attack via a mobile phone in the vehicle. Depending on the vehicle type and model, various effects can be expected, from information leaks to life-threatening dangers.
Attackers can exploit this issue to gain unauthorized access. This may lead to further attacks.
| VAR-201604-0016 | CVE-2016-0871 | Eaton Lighting EG2 Web Control Vulnerable to reading configuration files |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. Eaton Lighting Systems EG2 Web Control is a controller product from Eaton Lighting Systems of the United States for connecting the Internet and Wi-Fi LAN to the iLumin network. There is an authentication bypass vulnerability in Eaton Lighting Systems EG2 Web Control V4.04P and earlier. A remote attacker could exploit the vulnerability to directly access the configuration file and view the credentials. Eaton Lighting Systems EG2 Web Control is prone to a security-bypass vulnerability and an information-disclosure vulnerability.
Attackers can exploit these issues to bypass security restrictions and gain access to potentially sensitive information. This may aid in other attacks.
EG2 Web Control 4.04P and prior versions are vulnerable.
| VAR-201604-0078 | CVE-2016-2272 | Eaton Lighting EG2 Web Control Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control. http://cwe.mitre.org/data/definitions/284.html A cookie modified by a third party may have an unspecified impact. Eaton Lighting Systems EG2 Web Control is a controller product from Eaton Lighting Systems of the United States for connecting the Internet and Wi-Fi LAN to the iLumin network. There is an authentication bypass vulnerability in Eaton Lighting Systems EG2 Web Control 4.04P and earlier. A remote attacker could exploit this vulnerability to modify cookies in the browser.
Attackers can exploit these issues to bypass security restrictions and gain access to potentially sensitive information. This may aid in other attacks.
EG2 Web Control 4.04P and prior versions are vulnerable.