RHEL 4 : redhat-release (EOL Notice) (RHSA-2011:0259)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

The flash-plugin package on Red Hat Enterprise Linux 4 contains
multiple security flaws and should no longer be used. This is the
1-month notification of Red Hat's plans to disable Adobe Flash Player
9 on Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
critical security impact.

The flash-plugin package contains a Mozilla Firefox compatible Adobe
Flash Player web browser plug-in.

Adobe Flash Player 9 is vulnerable to critical security flaws and
should no longer be used. A remote attacker could use these flaws to
execute arbitrary code with the privileges of the user running Flash
Player 9. (CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561,
CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574,
CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0607,
CVE-2011-0608)

Adobe is no longer providing security updates for Adobe Flash Player
9, and is not providing a replacement Flash Player version compatible
with Red Hat Enterprise Linux 4.

In one month Red Hat plans to release an update for the flash-plugin
package that will prevent it from functioning. User wishing to
continue using Flash Player 9, despite the vulnerabilities, can add
the flash-plugin package to the up2date skip list. Refer to the
following Red Hat Knowledgebase article for instructions on adding a
package to the up2date skip list:
https://access.redhat.com/kb/docs/DOC-1639

See also :

http://kb2.adobe.com/cps/406/kb406791.html
https://access.redhat.com/kb/docs/DOC-1639
http://rhn.redhat.com/errata/RHSA-2011-0259.html

Solution :

Update the affected flash-plugin package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true