RHEL 5 / 6 : flash-plugin (RHSA-2016:1423)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An update for flash-plugin is now available for Red Hat Enterprise
Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The flash-plugin package contains a Mozilla Firefox-compatible Adobe
Flash Player web browser plug-in.

This update upgrades Flash Player to version 11.2.202.632.

Security Fix(es) :

* This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin listed
in the References section, could allow an attacker to create a
specially crafted SWF file that would cause flash-plugin to crash,
execute arbitrary code, or disclose sensitive information when the
victim loaded a page containing the malicious SWF content.
(CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175,
CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179,
CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183,
CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187,
CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217,
CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221,
CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225,
CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229,
CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233,
CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237,
CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241,
CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245,
CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249)

See also :

https://www.redhat.com/security/data/cve/CVE-2016-4172.html
https://www.redhat.com/security/data/cve/CVE-2016-4173.html
https://www.redhat.com/security/data/cve/CVE-2016-4174.html
https://www.redhat.com/security/data/cve/CVE-2016-4175.html
https://www.redhat.com/security/data/cve/CVE-2016-4176.html
https://www.redhat.com/security/data/cve/CVE-2016-4177.html
https://www.redhat.com/security/data/cve/CVE-2016-4178.html
https://www.redhat.com/security/data/cve/CVE-2016-4179.html
https://www.redhat.com/security/data/cve/CVE-2016-4180.html
https://www.redhat.com/security/data/cve/CVE-2016-4181.html
https://www.redhat.com/security/data/cve/CVE-2016-4182.html
https://www.redhat.com/security/data/cve/CVE-2016-4183.html
https://www.redhat.com/security/data/cve/CVE-2016-4184.html
https://www.redhat.com/security/data/cve/CVE-2016-4185.html
https://www.redhat.com/security/data/cve/CVE-2016-4186.html
https://www.redhat.com/security/data/cve/CVE-2016-4187.html
https://www.redhat.com/security/data/cve/CVE-2016-4188.html
https://www.redhat.com/security/data/cve/CVE-2016-4189.html
https://www.redhat.com/security/data/cve/CVE-2016-4190.html
https://www.redhat.com/security/data/cve/CVE-2016-4217.html
https://www.redhat.com/security/data/cve/CVE-2016-4218.html
https://www.redhat.com/security/data/cve/CVE-2016-4219.html
https://www.redhat.com/security/data/cve/CVE-2016-4220.html
https://www.redhat.com/security/data/cve/CVE-2016-4221.html
https://www.redhat.com/security/data/cve/CVE-2016-4222.html
https://www.redhat.com/security/data/cve/CVE-2016-4223.html
https://www.redhat.com/security/data/cve/CVE-2016-4224.html
https://www.redhat.com/security/data/cve/CVE-2016-4225.html
https://www.redhat.com/security/data/cve/CVE-2016-4226.html
https://www.redhat.com/security/data/cve/CVE-2016-4227.html
https://www.redhat.com/security/data/cve/CVE-2016-4228.html
https://www.redhat.com/security/data/cve/CVE-2016-4229.html
https://www.redhat.com/security/data/cve/CVE-2016-4230.html
https://www.redhat.com/security/data/cve/CVE-2016-4231.html
https://www.redhat.com/security/data/cve/CVE-2016-4232.html
https://www.redhat.com/security/data/cve/CVE-2016-4233.html
https://www.redhat.com/security/data/cve/CVE-2016-4234.html
https://www.redhat.com/security/data/cve/CVE-2016-4235.html
https://www.redhat.com/security/data/cve/CVE-2016-4236.html
https://www.redhat.com/security/data/cve/CVE-2016-4237.html
https://www.redhat.com/security/data/cve/CVE-2016-4238.html
https://www.redhat.com/security/data/cve/CVE-2016-4239.html
https://www.redhat.com/security/data/cve/CVE-2016-4240.html
https://www.redhat.com/security/data/cve/CVE-2016-4241.html
https://www.redhat.com/security/data/cve/CVE-2016-4242.html
https://www.redhat.com/security/data/cve/CVE-2016-4243.html
https://www.redhat.com/security/data/cve/CVE-2016-4244.html
https://www.redhat.com/security/data/cve/CVE-2016-4245.html
https://www.redhat.com/security/data/cve/CVE-2016-4246.html
https://www.redhat.com/security/data/cve/CVE-2016-4247.html
https://www.redhat.com/security/data/cve/CVE-2016-4248.html
https://www.redhat.com/security/data/cve/CVE-2016-4249.html
https://helpx.adobe.com/security/products/flash-player/apsb16-25.html
http://rhn.redhat.com/errata/RHSA-2016-1423.html

Solution :

Update the affected flash-plugin package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true