FreeBSD : flash -- multiple vulnerabilities (c8842a84-9ddd-11e5-8c2f-c485083ca99c)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Adobe reports :

These updates resolve heap buffer overflow vulnerabilities that could
lead to code execution (CVE-2015-8438, CVE-2015-8446).

These updates resolve memory corruption vulnerabilities that could
lead to code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417,
CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8053,
CVE-2015-8045, CVE-2015-8051, CVE-2015-8060, CVE-2015-8419,
CVE-2015-8408).

These updates resolve security bypass vulnerabilities (CVE-2015-8453,
CVE-2015-8440, CVE-2015-8409).

These updates resolve a stack overflow vulnerability that could lead
to code execution (CVE-2015-8407).

These updates resolve a type confusion vulnerability that could lead
to code execution (CVE-2015-8439).

These updates resolve an integer overflow vulnerability that could
lead to code execution (CVE-2015-8445).

These updates resolve a buffer overflow vulnerability that could lead
to code execution (CVE-2015-8415).

These updates resolve use-after-free vulnerabilities that could lead
to code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437,
CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436,
CVE-2015-8452, CVE-2015-8048, CVE-2015-8413, CVE-2015-8412,
CVE-2015-8410, CVE-2015-8411, CVE-2015-8424, CVE-2015-8422,
CVE-2015-8420, CVE-2015-8421, CVE-2015-8423, CVE-2015-8425,
CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426,
CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429,
CVE-2015-8434, CVE-2015-8435, CVE-2015-8414, CVE-2015-8052,
CVE-2015-8059, CVE-2015-8058, CVE-2015-8055, CVE-2015-8057,
CVE-2015-8056, CVE-2015-8061, CVE-2015-8067, CVE-2015-8066,
CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065,
CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402,
CVE-2015-8403, CVE-2015-8071, CVE-2015-8401, CVE-2015-8406,
CVE-2015-8069, CVE-2015-8070, CVE-2015-8441, CVE-2015-8442,
CVE-2015-8447).

See also :

https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
http://www.nessus.org/u?6612cc56

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true