RHEL 5 / 6 : flash-plugin (RHSA-2016:1865)

critical Nessus Plugin ID 93503

VPR Score: 8.9

Synopsis

The remote Red Hat host is missing a security update.

Description

An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Flash Player to version 11.2.202.635.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932)

Solution

Update the affected flash-plugin package.

See Also

https://helpx.adobe.com/security/products/flash-player/apsb16-29.html

https://access.redhat.com/errata/RHSA-2016:1865

https://access.redhat.com/security/cve/cve-2016-6930

https://access.redhat.com/security/cve/cve-2016-6931

https://access.redhat.com/security/cve/cve-2016-6932

https://access.redhat.com/security/cve/cve-2016-4275

https://access.redhat.com/security/cve/cve-2016-4274

https://access.redhat.com/security/cve/cve-2016-4277

https://access.redhat.com/security/cve/cve-2016-4276

https://access.redhat.com/security/cve/cve-2016-4271

https://access.redhat.com/security/cve/cve-2016-4272

https://access.redhat.com/security/cve/cve-2016-4279

https://access.redhat.com/security/cve/cve-2016-4278

https://access.redhat.com/security/cve/cve-2016-6927

https://access.redhat.com/security/cve/cve-2016-6926

https://access.redhat.com/security/cve/cve-2016-6925

https://access.redhat.com/security/cve/cve-2016-6924

https://access.redhat.com/security/cve/cve-2016-6923

https://access.redhat.com/security/cve/cve-2016-6922

https://access.redhat.com/security/cve/cve-2016-6921

https://access.redhat.com/security/cve/cve-2016-6929

https://access.redhat.com/security/cve/cve-2016-4280

https://access.redhat.com/security/cve/cve-2016-4281

https://access.redhat.com/security/cve/cve-2016-4282

https://access.redhat.com/security/cve/cve-2016-4283

https://access.redhat.com/security/cve/cve-2016-4284

https://access.redhat.com/security/cve/cve-2016-4285

https://access.redhat.com/security/cve/cve-2016-4287

Plugin Details

Severity: Critical

ID: 93503

File Name: redhat-RHSA-2016-1865.nasl

Version: 2.16

Type: local

Agent: unix

Published: 9/15/2016

Updated: 10/24/2019

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Critical

VPR Score: 8.9

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:flash-plugin, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/14/2016

Vulnerability Publication Date: 9/14/2016

Reference Information

CVE: CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932

RHSA: 2016:1865