RHSA-2016:1865

1036791

https://helpx.adobe.com/security/products/flash-player/apsb16-29.html

GLSA-201610-10

The remote host is affected by the vulnerability described in GLSA-201610-10 (Adobe Flash Player: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Flash Player.
      Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, or bypass security restrictions.
  Workaround :

    There is no known workaround at this time.

Versions of Adobe Flash Player prior to 11.2.202.635, 18.0.0.375, or 23.0.0.162 are affected by the following vulnerabilities :

 - An unspecified flaw may allow a context-dependent attacker to bypass security restrictions and gain access to potentially sensitive information. No further details have been provided.
 - A use-after-free error may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw is triggered as certain input is not properly validated when handling AVC decoding. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw is triggered as certain input is not properly validated when handling SWF data. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A use-after-free condition is triggered when handling 'TextFormat' objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - An integer overflow condition is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code.
 - A flaw is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.

This update for flash-player fixes the following security issues (APSB16-29, boo#998589) :

  - integer overflow vulnerability that could lead to code     execution (CVE-2016-4287). 

  - use-after-free vulnerabilities that could lead to code     execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,     CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,     CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,     CVE-2016-6931, CVE-2016-6932)

  - security bypass vulnerabilities that could lead to     information disclosure (CVE-2016-4271, CVE-2016-4277,     CVE-2016-4278)

  - memory corruption vulnerabilities that could lead to     code execution (CVE-2016-4182, CVE-2016-4237,     CVE-2016-4238, CVE-2016-4274, CVE-2016-4275,     CVE-2016-4276, CVE-2016-4280, CVE-2016-4281,     CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,     CVE-2016-4285, CVE-2016-6922, CVE-2016-6924)

The package description was update to reflex that the stand-alone Flash is no longer provided on x86_64 architectures (boo#977664).

This update for flash-player fixes the following security issues (APSB16-29, boo#998589) :

  - integer overflow vulnerability that could lead to code     execution (CVE-2016-4287).

  - use-after-free vulnerabilities that could lead to code     execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,     CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,     CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,     CVE-2016-6931, CVE-2016-6932)

  - security bypass vulnerabilities that could lead to     information disclosure (CVE-2016-4271, CVE-2016-4277,     CVE-2016-4278)

  - memory corruption vulnerabilities that could lead to     code execution (CVE-2016-4182, CVE-2016-4237,     CVE-2016-4238, CVE-2016-4274, CVE-2016-4275,     CVE-2016-4276, CVE-2016-4280, CVE-2016-4281,     CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,     CVE-2016-4285, CVE-2016-6922, CVE-2016-6924)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Flash Player to version 11.2.202.635.

Security Fix(es) :

* This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
(CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932)

The remote Windows host is missing KB3188128. It is, therefore, affected by multiple vulnerabilities :

  - Multiple security bypass vulnerabilities exist that     allow an unauthenticated, remote attacker to disclose     sensitive information. (CVE-2016-4271, CVE-2016-4277,     CVE-2016-4278)

  - Multiple use-after-free errors exist that allow an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,     CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,     CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,     CVE-2016-6931, CVE-2016-6932)

  - Multiple memory corruption issues exist that allow an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2016-4274, CVE-2016-4275, CVE-2016-4276,     CVE-2016-4280, CVE-2016-4281, CVE-2016-4282,     CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,     CVE-2016-6922, CVE-2016-6924)

  - An integer overflow condition exists that allows an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2016-4287)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 22.0.0.211. It is, therefore, affected by multiple vulnerabilities :

  - Multiple security bypass vulnerabilities exist that     allow an unauthenticated, remote attacker to disclose     sensitive information. (CVE-2016-4271, CVE-2016-4277,     CVE-2016-4278)

  - Multiple use-after-free errors exist that allow an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,     CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,     CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,     CVE-2016-6931, CVE-2016-6932)

  - Multiple memory corruption issues exist that allow an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2016-4274, CVE-2016-4275, CVE-2016-4276,     CVE-2016-4280, CVE-2016-4281, CVE-2016-4282,     CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,     CVE-2016-6922, CVE-2016-6924)

  - An integer overflow condition exists that allows an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2016-4287)

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 22.0.0.211. It is, therefore, affected by multiple vulnerabilities :

  - Multiple security bypass vulnerabilities exist that     allow an unauthenticated, remote attacker to disclose     sensitive information. (CVE-2016-4271, CVE-2016-4277,     CVE-2016-4278)

  - Multiple use-after-free errors exist that allow an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,     CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,     CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,     CVE-2016-6931, CVE-2016-6932)

  - Multiple memory corruption issues exist that allow an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2016-4274, CVE-2016-4275, CVE-2016-4276,     CVE-2016-4280, CVE-2016-4281, CVE-2016-4282,     CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,     CVE-2016-6922, CVE-2016-6924)

  - An integer overflow condition exists that allows an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2016-4287)

ID	Name	Product	Family	Severity
94421	GLSA-201610-10 : Adobe Flash Player: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
9603	Flash Player < 11.2.202.635 / 18.0.0.375 / 23.0.0.162 Multiple Vulnerabilities (APSB16-29)	Nessus Network Monitor	Web Clients	critical
93731	openSUSE Security Update : flash-player (openSUSE-2016-1123)	Nessus	SuSE Local Security Checks	critical
93558	SUSE SLED12 Security Update : flash-player (SUSE-SU-2016:2312-1)	Nessus	SuSE Local Security Checks	critical
93553	openSUSE Security Update : flash-player (openSUSE-2016-1083)	Nessus	SuSE Local Security Checks	critical
93503	RHEL 5 / 6 : flash-plugin (RHSA-2016:1865)	Nessus	Red Hat Local Security Checks	critical
93475	MS16-117: Security Update for Adobe Flash Player (3188128)	Nessus	Windows : Microsoft Bulletins	critical
93462	Adobe Flash Player for Mac <= 22.0.0.211 Multiple Vulnerabilities (APSB16-29)	Nessus	MacOS X Local Security Checks	critical
93461	Adobe Flash Player <= 22.0.0.211 Multiple Vulnerabilities (APSB16-29)	Nessus	Windows	critical

CVE-2016-4277

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Tenable Plugins