RHEL 5 / 6 : flash-plugin (RHSA-2016:0610)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An update for flash-plugin is now available for Red Hat Enterprise
Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The flash-plugin package contains a Mozilla Firefox-compatible Adobe
Flash Player web browser plug-in.

This update upgrades Flash Player to version 11.2.202.616.

Security Fix(es) :

* This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin listed
in the References section, could allow an attacker to create a
specially crafted SWF file that would cause flash-plugin to crash,
execute arbitrary code, or disclose sensitive information when the
victim loaded a page containing the malicious SWF content.
(CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013,
CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,
CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021,
CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,
CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,
CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033)

See also :

https://www.redhat.com/security/data/cve/CVE-2016-1006.html
https://www.redhat.com/security/data/cve/CVE-2016-1011.html
https://www.redhat.com/security/data/cve/CVE-2016-1012.html
https://www.redhat.com/security/data/cve/CVE-2016-1013.html
https://www.redhat.com/security/data/cve/CVE-2016-1014.html
https://www.redhat.com/security/data/cve/CVE-2016-1015.html
https://www.redhat.com/security/data/cve/CVE-2016-1016.html
https://www.redhat.com/security/data/cve/CVE-2016-1017.html
https://www.redhat.com/security/data/cve/CVE-2016-1018.html
https://www.redhat.com/security/data/cve/CVE-2016-1019.html
https://www.redhat.com/security/data/cve/CVE-2016-1020.html
https://www.redhat.com/security/data/cve/CVE-2016-1021.html
https://www.redhat.com/security/data/cve/CVE-2016-1022.html
https://www.redhat.com/security/data/cve/CVE-2016-1023.html
https://www.redhat.com/security/data/cve/CVE-2016-1024.html
https://www.redhat.com/security/data/cve/CVE-2016-1025.html
https://www.redhat.com/security/data/cve/CVE-2016-1026.html
https://www.redhat.com/security/data/cve/CVE-2016-1027.html
https://www.redhat.com/security/data/cve/CVE-2016-1028.html
https://www.redhat.com/security/data/cve/CVE-2016-1029.html
https://www.redhat.com/security/data/cve/CVE-2016-1030.html
https://www.redhat.com/security/data/cve/CVE-2016-1031.html
https://www.redhat.com/security/data/cve/CVE-2016-1032.html
https://www.redhat.com/security/data/cve/CVE-2016-1033.html
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
http://rhn.redhat.com/errata/RHSA-2016-0610.html

Solution :

Update the affected flash-plugin package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true