RHEL 5 / 6 : flash-plugin (RHSA-2015:2593)

Critical Nessus Plugin ID 87304

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 8.9

Synopsis

The remote Red Hat host is missing a security update.

Description

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-32 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
(CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8407, CVE-2015-8408, CVE-2015-8409, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8415, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8438, CVE-2015-8439, CVE-2015-8440, CVE-2015-8441, CVE-2015-8442, CVE-2015-8443, CVE-2015-8444, CVE-2015-8445, CVE-2015-8446, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8451, CVE-2015-8452, CVE-2015-8453, CVE-2015-8454, CVE-2015-8455)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.554.

Solution

Update the affected flash-plugin package.

See Also

https://helpx.adobe.com/security/products/flash-player/apsb15-32.html

https://access.redhat.com/errata/RHSA-2015:2593

https://access.redhat.com/security/cve/cve-2015-8443

https://access.redhat.com/security/cve/cve-2015-8438

https://access.redhat.com/security/cve/cve-2015-8441

https://access.redhat.com/security/cve/cve-2015-8440

https://access.redhat.com/security/cve/cve-2015-8447

https://access.redhat.com/security/cve/cve-2015-8446

https://access.redhat.com/security/cve/cve-2015-8445

https://access.redhat.com/security/cve/cve-2015-8442

https://access.redhat.com/security/cve/cve-2015-8449

https://access.redhat.com/security/cve/cve-2015-8448

https://access.redhat.com/security/cve/cve-2015-8427

https://access.redhat.com/security/cve/cve-2015-8429

https://access.redhat.com/security/cve/cve-2015-8067

https://access.redhat.com/security/cve/cve-2015-8453

https://access.redhat.com/security/cve/cve-2015-8452

https://access.redhat.com/security/cve/cve-2015-8066

https://access.redhat.com/security/cve/cve-2015-8455

https://access.redhat.com/security/cve/cve-2015-8047

https://access.redhat.com/security/cve/cve-2015-8068

https://access.redhat.com/security/cve/cve-2015-8045

https://access.redhat.com/security/cve/cve-2015-8444

https://access.redhat.com/security/cve/cve-2015-8428

https://access.redhat.com/security/cve/cve-2015-8061

https://access.redhat.com/security/cve/cve-2015-8060

https://access.redhat.com/security/cve/cve-2015-8063

https://access.redhat.com/security/cve/cve-2015-8062

https://access.redhat.com/security/cve/cve-2015-8065

https://access.redhat.com/security/cve/cve-2015-8064

https://access.redhat.com/security/cve/cve-2015-8049

https://access.redhat.com/security/cve/cve-2015-8048

https://access.redhat.com/security/cve/cve-2015-8410

https://access.redhat.com/security/cve/cve-2015-8411

https://access.redhat.com/security/cve/cve-2015-8412

https://access.redhat.com/security/cve/cve-2015-8413

https://access.redhat.com/security/cve/cve-2015-8414

https://access.redhat.com/security/cve/cve-2015-8415

https://access.redhat.com/security/cve/cve-2015-8416

https://access.redhat.com/security/cve/cve-2015-8417

https://access.redhat.com/security/cve/cve-2015-8418

https://access.redhat.com/security/cve/cve-2015-8419

https://access.redhat.com/security/cve/cve-2015-8430

https://access.redhat.com/security/cve/cve-2015-8431

https://access.redhat.com/security/cve/cve-2015-8436

https://access.redhat.com/security/cve/cve-2015-8437

https://access.redhat.com/security/cve/cve-2015-8434

https://access.redhat.com/security/cve/cve-2015-8435

https://access.redhat.com/security/cve/cve-2015-8069

https://access.redhat.com/security/cve/cve-2015-8454

https://access.redhat.com/security/cve/cve-2015-8432

https://access.redhat.com/security/cve/cve-2015-8439

https://access.redhat.com/security/cve/cve-2015-8433

https://access.redhat.com/security/cve/cve-2015-8426

https://access.redhat.com/security/cve/cve-2015-8050

https://access.redhat.com/security/cve/cve-2015-8055

https://access.redhat.com/security/cve/cve-2015-8056

https://access.redhat.com/security/cve/cve-2015-8057

https://access.redhat.com/security/cve/cve-2015-8058

https://access.redhat.com/security/cve/cve-2015-8059

https://access.redhat.com/security/cve/cve-2015-8070

https://access.redhat.com/security/cve/cve-2015-8071

https://access.redhat.com/security/cve/cve-2015-8450

https://access.redhat.com/security/cve/cve-2015-8451

https://access.redhat.com/security/cve/cve-2015-8407

https://access.redhat.com/security/cve/cve-2015-8406

https://access.redhat.com/security/cve/cve-2015-8405

https://access.redhat.com/security/cve/cve-2015-8404

https://access.redhat.com/security/cve/cve-2015-8403

https://access.redhat.com/security/cve/cve-2015-8402

https://access.redhat.com/security/cve/cve-2015-8401

https://access.redhat.com/security/cve/cve-2015-8421

https://access.redhat.com/security/cve/cve-2015-8420

https://access.redhat.com/security/cve/cve-2015-8423

https://access.redhat.com/security/cve/cve-2015-8422

https://access.redhat.com/security/cve/cve-2015-8425

https://access.redhat.com/security/cve/cve-2015-8424

https://access.redhat.com/security/cve/cve-2015-8409

https://access.redhat.com/security/cve/cve-2015-8408

https://access.redhat.com/security/cve/cve-2015-8456

https://access.redhat.com/security/cve/cve-2015-8457

https://access.redhat.com/security/cve/cve-2015-8652

https://access.redhat.com/security/cve/cve-2015-8653

https://access.redhat.com/security/cve/cve-2015-8654

https://access.redhat.com/security/cve/cve-2015-8655

https://access.redhat.com/security/cve/cve-2015-8656

https://access.redhat.com/security/cve/cve-2015-8657

https://access.redhat.com/security/cve/cve-2015-8658

https://access.redhat.com/security/cve/cve-2015-8820

https://access.redhat.com/security/cve/cve-2015-8821

https://access.redhat.com/security/cve/cve-2015-8822

https://access.redhat.com/security/cve/cve-2015-8823

Plugin Details

Severity: Critical

ID: 87304

File Name: redhat-RHSA-2015-2593.nasl

Version: 1.25

Type: local

Agent: unix

Published: 2015/12/10

Updated: 2019/10/24

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 8.9

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:flash-plugin, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:6.7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/12/09

Vulnerability Publication Date: 2015/12/10

Reference Information

CVE: CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8407, CVE-2015-8408, CVE-2015-8409, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8415, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8438, CVE-2015-8439, CVE-2015-8440, CVE-2015-8441, CVE-2015-8442, CVE-2015-8443, CVE-2015-8444, CVE-2015-8445, CVE-2015-8446, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8451, CVE-2015-8452, CVE-2015-8453, CVE-2015-8454, CVE-2015-8455, CVE-2015-8456, CVE-2015-8457, CVE-2015-8652, CVE-2015-8653, CVE-2015-8654, CVE-2015-8655, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, CVE-2015-8820, CVE-2015-8821, CVE-2015-8822, CVE-2015-8823

RHSA: 2015:2593