RHEL 5 / 6 : flash-plugin (RHSA-2016:0438)

high Nessus Plugin ID 89917

Synopsis

The remote Red Hat host is missing a security update.

Description

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
(CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.577.

Solution

Update the affected flash-plugin package.

See Also

https://helpx.adobe.com/security/products/flash-player/apsb16-08.html

https://access.redhat.com/errata/RHSA-2016:0438

https://access.redhat.com/security/cve/cve-2016-1010

https://access.redhat.com/security/cve/cve-2016-0990

https://access.redhat.com/security/cve/cve-2016-0991

https://access.redhat.com/security/cve/cve-2016-0992

https://access.redhat.com/security/cve/cve-2016-0993

https://access.redhat.com/security/cve/cve-2016-0994

https://access.redhat.com/security/cve/cve-2016-0995

https://access.redhat.com/security/cve/cve-2016-0996

https://access.redhat.com/security/cve/cve-2016-0997

https://access.redhat.com/security/cve/cve-2016-0998

https://access.redhat.com/security/cve/cve-2016-0999

https://access.redhat.com/security/cve/cve-2016-1005

https://access.redhat.com/security/cve/cve-2016-0986

https://access.redhat.com/security/cve/cve-2016-1001

https://access.redhat.com/security/cve/cve-2016-1000

https://access.redhat.com/security/cve/cve-2016-1002

https://access.redhat.com/security/cve/cve-2016-0989

https://access.redhat.com/security/cve/cve-2016-0988

https://access.redhat.com/security/cve/cve-2016-0987

https://access.redhat.com/security/cve/cve-2016-0961

https://access.redhat.com/security/cve/cve-2016-0960

https://access.redhat.com/security/cve/cve-2016-0963

https://access.redhat.com/security/cve/cve-2016-0962

Plugin Details

Severity: High

ID: 89917

File Name: redhat-RHSA-2016-0438.nasl

Version: 2.23

Type: local

Agent: unix

Published: 3/14/2016

Updated: 4/25/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-1010

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:flash-plugin, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:6.7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/11/2016

Vulnerability Publication Date: 3/12/2016

CISA Known Exploited Vulnerability Due Dates: 6/15/2022

Reference Information

CVE: CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010

RHSA: 2016:0438