Executive Summary
Summary | |
---|---|
Title | flash-plugin security update |
Information | |||
---|---|---|---|
Name | RHSA-2016:1079 | First vendor Publication | 2016-05-13 |
Vendor | RedHat | Last vendor Modification | 2016-05-13 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Flash Player to version 11.2.202.621.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1335058 - flash-plugin: multiple code execution issues fixed in APSB16-15
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2016-1079.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
83 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
17 % | CWE-416 | Use After Free |
Snort® IPS/IDS
Date | Description |
---|---|
2019-09-24 | Adobe Texture Format file containing invalid texture definition memory corrup... RuleID : 51224 - Revision : 1 - Type : FILE-OTHER |
2019-09-24 | Adobe Texture Format file containing invalid texture definition memory corrup... RuleID : 51223 - Revision : 1 - Type : FILE-OTHER |
2019-09-24 | Adobe Flash Player ATF bitmap conversion heap overflow attempt RuleID : 51222 - Revision : 1 - Type : FILE-FLASH |
2019-09-24 | Adobe Flash Player ATF bitmap conversion heap overflow attempt RuleID : 51221 - Revision : 1 - Type : FILE-FLASH |
2016-10-01 | Adobe Flash Player FileReference type confusion attempt RuleID : 39957 - Revision : 1 - Type : FILE-FLASH |
2016-10-01 | Adobe Flash Player FileReference type confusion attempt RuleID : 39956 - Revision : 2 - Type : FILE-FLASH |
2016-07-19 | Adobe Flash Player malformed regular expression use after free attempt RuleID : 39300 - Revision : 2 - Type : FILE-FLASH |
2016-07-19 | Adobe Flash Player malformed regular expression use after free attempt RuleID : 39299 - Revision : 2 - Type : FILE-FLASH |
2016-07-19 | Adobe Flash Player malformed ATF heap overflow attempt RuleID : 39274 - Revision : 8 - Type : FILE-FLASH |
2016-07-19 | Adobe Flash Player malformed ATF heap overflow attempt RuleID : 39273 - Revision : 8 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player ASSetNative use-after-free attempt RuleID : 39033 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player ASSetNative use-after-free attempt RuleID : 39032 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player ASSetNative use-after-free attempt RuleID : 39031 - Revision : 2 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player ASSetNative use-after-free attempt RuleID : 39030 - Revision : 2 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player selection.setFocus use after free attempt RuleID : 39026 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player selection.setFocus use after free attempt RuleID : 39025 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player selection.setFocus use after free attempt RuleID : 39024 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player selection.setFocus use after free attempt RuleID : 39023 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player PSDK use-after-free attempt RuleID : 39022 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player PSDK use-after-free attempt RuleID : 39021 - Revision : 2 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player PSDK use-after-free attempt RuleID : 39020 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player PSDK use-after-free attempt RuleID : 39019 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player setMetadata memory corruption attempt RuleID : 39012 - Revision : 2 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player setMetadata memory corruption attempt RuleID : 39011 - Revision : 2 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player setMetadata memory corruption attempt RuleID : 39010 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player setMetadata memory corruption attempt RuleID : 39009 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player addProperty use after free attempt RuleID : 38999 - Revision : 2 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player addProperty use after free attempt RuleID : 38998 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player addProperty use after free attempt RuleID : 38997 - Revision : 2 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player addProperty use after free attempt RuleID : 38996 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player corrupt PNG image load out of bounds memory access attempt RuleID : 38985 - Revision : 5 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player corrupt PNG image load out of bounds memory access attempt RuleID : 38984 - Revision : 5 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player corrupt PNG image load out of bounds memory access attempt RuleID : 38983 - Revision : 4 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player corrupt PNG image load out of bounds memory access attempt RuleID : 38982 - Revision : 4 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player OpportunityGenerator.update memory corruption attempt RuleID : 38974 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player OpportunityGenerator.update memory corruption attempt RuleID : 38973 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player OpportunityGenerator.update memory corruption attempt RuleID : 38972 - Revision : 3 - Type : FILE-FLASH |
2016-06-22 | Adobe Flash Player OpportunityGenerator.update memory corruption attempt RuleID : 38971 - Revision : 2 - Type : FILE-FLASH |
2016-06-14 | Adobe Flash Player FileReference type confusion attempt RuleID : 38884 - Revision : 2 - Type : FILE-FLASH |
2016-06-14 | Adobe Flash Player FileReference type confusion attempt RuleID : 38883 - Revision : 3 - Type : FILE-FLASH |
2016-06-14 | Adobe Flash Player FileReference type confusion attempt RuleID : 38882 - Revision : 2 - Type : FILE-FLASH |
2016-06-14 | Adobe Flash Player FileReference type confusion attempt RuleID : 38881 - Revision : 3 - Type : FILE-FLASH |
2016-06-14 | Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt RuleID : 38875 - Revision : 4 - Type : FILE-FLASH |
2016-06-14 | Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt RuleID : 38874 - Revision : 4 - Type : FILE-FLASH |
2016-06-14 | Adobe Flash Player MSIMG32.dll dll-load exploit attempt RuleID : 38873 - Revision : 3 - Type : FILE-FLASH |
2016-06-14 | Adobe Flash Player request for MSIMG32.dll over SMB attempt RuleID : 38872 - Revision : 3 - Type : FILE-FLASH |
2016-06-14 | Adobe Flash Player loadSound method use-after-free memory corruption attempt RuleID : 38848 - Revision : 2 - Type : FILE-FLASH |
2016-06-14 | Adobe Flash Player loadSound method use-after-free memory corruption attempt RuleID : 38847 - Revision : 2 - Type : FILE-FLASH |
2016-06-09 | Adobe Flash Player faulty x64 support out of bounds read attempt RuleID : 38838 - Revision : 2 - Type : FILE-FLASH |
2016-06-09 | Adobe Flash Player faulty x64 support out of bounds read attempt RuleID : 38837 - Revision : 2 - Type : FILE-FLASH |
2016-06-09 | Adobe Flash Player bitmap heap overflow attempt RuleID : 38836 - Revision : 4 - Type : FILE-FLASH |
2016-06-09 | Adobe Flash Player bitmap heap overflow attempt RuleID : 38835 - Revision : 4 - Type : FILE-FLASH |
2016-06-09 | Adobe Flash Player ContentFactory memory corruption attempt RuleID : 38833 - Revision : 3 - Type : FILE-FLASH |
2016-06-09 | Adobe Flash Player ContentFactory memory corruption attempt RuleID : 38832 - Revision : 3 - Type : FILE-FLASH |
2016-06-09 | Adobe Flash Player ContentFactory memory corruption attempt RuleID : 38831 - Revision : 2 - Type : FILE-FLASH |
2016-06-09 | Adobe Flash Player ContentFactory memory corruption attempt RuleID : 38830 - Revision : 3 - Type : FILE-FLASH |
2016-06-09 | Adobe Flash Player removeMovieClip callback use after free attempt RuleID : 38827 - Revision : 2 - Type : FILE-FLASH |
2016-06-09 | Adobe Flash Player removeMovieClip callback use after free attempt RuleID : 38826 - Revision : 2 - Type : FILE-FLASH |
2016-06-09 | Adobe Flash Player removeMovieClip callback use after free attempt RuleID : 38825 - Revision : 2 - Type : FILE-FLASH |
2016-06-09 | Adobe Flash Player removeMovieClip callback use after free attempt RuleID : 38824 - Revision : 2 - Type : FILE-FLASH |
2016-06-07 | Adobe Flash Player ASSetNativeAccessor use after free attempt RuleID : 38793 - Revision : 2 - Type : FILE-FLASH |
2016-06-07 | Adobe Flash Player ASSetNativeAccessor use after free attempt RuleID : 38792 - Revision : 2 - Type : FILE-FLASH |
2016-03-14 | Adobe Flash Player URI loaded MP4 potential information leak attempt RuleID : 36316 - Revision : 3 - Type : FILE-FLASH |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-06-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0c6b008d35c411e68e82002590263bf5.nasl - Type : ACT_GATHER_INFO |
2016-06-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201606-08.nasl - Type : ACT_GATHER_INFO |
2016-05-18 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-587.nasl - Type : ACT_GATHER_INFO |
2016-05-18 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1305-1.nasl - Type : ACT_GATHER_INFO |
2016-05-17 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-585.nasl - Type : ACT_GATHER_INFO |
2016-05-16 | Name : The remote Windows host has a browser plugin installed that is affected by mu... File : adobe_air_apsb16-15.nasl - Type : ACT_GATHER_INFO |
2016-05-16 | Name : The remote Windows host has a browser plugin installed that is affected by mu... File : flash_player_apsb16-15.nasl - Type : ACT_GATHER_INFO |
2016-05-16 | Name : The remote Mac OS X host has a browser plugin installed that is affected by m... File : macosx_adobe_air_apsb16-15.nasl - Type : ACT_GATHER_INFO |
2016-05-16 | Name : The remote Mac OS X host has a browser plugin installed that is affected by m... File : macosx_flash_player_apsb16-15.nasl - Type : ACT_GATHER_INFO |
2016-05-16 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2016-1079.nasl - Type : ACT_GATHER_INFO |
2016-05-13 | Name : A web browser installed on the remote Windows host is affected by multiple vu... File : google_chrome_50_0_2661_102.nasl - Type : ACT_GATHER_INFO |
2016-05-13 | Name : A web browser installed on the remote Mac OS X host is affected by multiple v... File : macosx_google_chrome_50_0_2661_102.nasl - Type : ACT_GATHER_INFO |
2016-05-10 | Name : The remote Windows host has a browser plugin installed that is affected by mu... File : smb_nt_ms16-064.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2018-01-05 09:26:23 | |
2016-05-17 13:29:41 | |
2016-05-13 17:36:39 | |
2016-05-13 13:26:33 | |