RHEL 5 / 6 : flash-plugin (RHSA-2016:1423)

Critical Nessus Plugin ID 92044

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 8.9

Synopsis

The remote Red Hat host is missing a security update.

Description

An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Flash Player to version 11.2.202.632.

Security Fix(es) :

* This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
(CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249)

Solution

Update the affected flash-plugin package.

See Also

https://helpx.adobe.com/security/products/flash-player/apsb16-25.html

https://access.redhat.com/errata/RHSA-2016:1423

https://access.redhat.com/security/cve/cve-2016-4183

https://access.redhat.com/security/cve/cve-2016-4182

https://access.redhat.com/security/cve/cve-2016-4181

https://access.redhat.com/security/cve/cve-2016-4180

https://access.redhat.com/security/cve/cve-2016-4187

https://access.redhat.com/security/cve/cve-2016-4186

https://access.redhat.com/security/cve/cve-2016-4185

https://access.redhat.com/security/cve/cve-2016-4184

https://access.redhat.com/security/cve/cve-2016-4231

https://access.redhat.com/security/cve/cve-2016-4230

https://access.redhat.com/security/cve/cve-2016-4189

https://access.redhat.com/security/cve/cve-2016-4188

https://access.redhat.com/security/cve/cve-2016-4235

https://access.redhat.com/security/cve/cve-2016-4234

https://access.redhat.com/security/cve/cve-2016-4219

https://access.redhat.com/security/cve/cve-2016-4218

https://access.redhat.com/security/cve/cve-2016-4238

https://access.redhat.com/security/cve/cve-2016-4217

https://access.redhat.com/security/cve/cve-2016-4246

https://access.redhat.com/security/cve/cve-2016-4243

https://access.redhat.com/security/cve/cve-2016-4247

https://access.redhat.com/security/cve/cve-2016-4244

https://access.redhat.com/security/cve/cve-2016-4240

https://access.redhat.com/security/cve/cve-2016-4236

https://access.redhat.com/security/cve/cve-2016-4237

https://access.redhat.com/security/cve/cve-2016-4190

https://access.redhat.com/security/cve/cve-2016-4233

https://access.redhat.com/security/cve/cve-2016-4228

https://access.redhat.com/security/cve/cve-2016-4229

https://access.redhat.com/security/cve/cve-2016-4248

https://access.redhat.com/security/cve/cve-2016-4249

https://access.redhat.com/security/cve/cve-2016-4222

https://access.redhat.com/security/cve/cve-2016-4223

https://access.redhat.com/security/cve/cve-2016-4220

https://access.redhat.com/security/cve/cve-2016-4221

https://access.redhat.com/security/cve/cve-2016-4226

https://access.redhat.com/security/cve/cve-2016-4227

https://access.redhat.com/security/cve/cve-2016-4224

https://access.redhat.com/security/cve/cve-2016-4225

https://access.redhat.com/security/cve/cve-2016-4172

https://access.redhat.com/security/cve/cve-2016-4173

https://access.redhat.com/security/cve/cve-2016-4176

https://access.redhat.com/security/cve/cve-2016-4177

https://access.redhat.com/security/cve/cve-2016-4174

https://access.redhat.com/security/cve/cve-2016-4175

https://access.redhat.com/security/cve/cve-2016-4178

https://access.redhat.com/security/cve/cve-2016-4179

https://access.redhat.com/security/cve/cve-2016-4242

https://access.redhat.com/security/cve/cve-2016-4241

https://access.redhat.com/security/cve/cve-2016-4232

https://access.redhat.com/security/cve/cve-2016-4245

https://access.redhat.com/security/cve/cve-2016-4239

https://access.redhat.com/security/cve/cve-2016-7020

Plugin Details

Severity: Critical

ID: 92044

File Name: redhat-RHSA-2016-1423.nasl

Version: 2.19

Type: local

Agent: unix

Published: 2016/07/14

Updated: 2019/10/24

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 8.9

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:flash-plugin, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/07/13

Vulnerability Publication Date: 2016/07/13

Reference Information

CVE: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249, CVE-2016-7020

RHSA: 2016:1423