Issued:
2015-06-24
Updated:
2015-06-24

RHSA-2015:1184 - Security Advisory

Synopsis

Critical: flash-plugin security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated Adobe Flash Player package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

A flaw was found in the way flash-plugin displayed certain SWF content. An
attacker could use this flaw to create a specially crafted SWF file that
would cause flash-plugin to crash or, potentially, execute arbitrary code
when the victim loaded a page containing the malicious SWF content.
(CVE-2015-3113)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.468.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.6 i386
  • Red Hat Enterprise Linux Server - AUS 6.6 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 i386

Fixes

  • BZ - 1235036 - CVE-2015-3113 flash-plugin: code execution issue fixed in APSB15-14

Red Hat Enterprise Linux Server 6

SRPM
x86_64
flash-plugin-11.2.202.468-1.el6_6.i686.rpm SHA-256: 300528f606c41cc2d5a4ce57891ff7a4b8f7f3524d117f1863a0f405bf7a3faf
i386
flash-plugin-11.2.202.468-1.el6_6.i686.rpm SHA-256: 300528f606c41cc2d5a4ce57891ff7a4b8f7f3524d117f1863a0f405bf7a3faf

Red Hat Enterprise Linux Server 5

SRPM
x86_64
flash-plugin-11.2.202.468-1.el5.i386.rpm SHA-256: 82f68636a9a9efc52646b482779edb52664038ae59fc5ee765755c5e1d098127
i386
flash-plugin-11.2.202.468-1.el5.i386.rpm SHA-256: 82f68636a9a9efc52646b482779edb52664038ae59fc5ee765755c5e1d098127

Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.6

SRPM
x86_64
flash-plugin-11.2.202.468-1.el6_6.i686.rpm SHA-256: 300528f606c41cc2d5a4ce57891ff7a4b8f7f3524d117f1863a0f405bf7a3faf
i386
flash-plugin-11.2.202.468-1.el6_6.i686.rpm SHA-256: 300528f606c41cc2d5a4ce57891ff7a4b8f7f3524d117f1863a0f405bf7a3faf

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
flash-plugin-11.2.202.468-1.el6_6.i686.rpm SHA-256: 300528f606c41cc2d5a4ce57891ff7a4b8f7f3524d117f1863a0f405bf7a3faf
i386
flash-plugin-11.2.202.468-1.el6_6.i686.rpm SHA-256: 300528f606c41cc2d5a4ce57891ff7a4b8f7f3524d117f1863a0f405bf7a3faf

Red Hat Enterprise Linux Workstation 5

SRPM
x86_64
flash-plugin-11.2.202.468-1.el5.i386.rpm SHA-256: 82f68636a9a9efc52646b482779edb52664038ae59fc5ee765755c5e1d098127
i386
flash-plugin-11.2.202.468-1.el5.i386.rpm SHA-256: 82f68636a9a9efc52646b482779edb52664038ae59fc5ee765755c5e1d098127

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
flash-plugin-11.2.202.468-1.el6_6.i686.rpm SHA-256: 300528f606c41cc2d5a4ce57891ff7a4b8f7f3524d117f1863a0f405bf7a3faf
i386
flash-plugin-11.2.202.468-1.el6_6.i686.rpm SHA-256: 300528f606c41cc2d5a4ce57891ff7a4b8f7f3524d117f1863a0f405bf7a3faf

Red Hat Enterprise Linux Desktop 5

SRPM
x86_64
flash-plugin-11.2.202.468-1.el5.i386.rpm SHA-256: 82f68636a9a9efc52646b482779edb52664038ae59fc5ee765755c5e1d098127
i386
flash-plugin-11.2.202.468-1.el5.i386.rpm SHA-256: 82f68636a9a9efc52646b482779edb52664038ae59fc5ee765755c5e1d098127

Red Hat Enterprise Linux Server from RHUI 6

SRPM
x86_64
flash-plugin-11.2.202.468-1.el6_6.i686.rpm SHA-256: 300528f606c41cc2d5a4ce57891ff7a4b8f7f3524d117f1863a0f405bf7a3faf
i386
flash-plugin-11.2.202.468-1.el6_6.i686.rpm SHA-256: 300528f606c41cc2d5a4ce57891ff7a4b8f7f3524d117f1863a0f405bf7a3faf

Red Hat Enterprise Linux Server from RHUI 5

SRPM
x86_64
flash-plugin-11.2.202.468-1.el5.i386.rpm SHA-256: 82f68636a9a9efc52646b482779edb52664038ae59fc5ee765755c5e1d098127
i386
flash-plugin-11.2.202.468-1.el5.i386.rpm SHA-256: 82f68636a9a9efc52646b482779edb52664038ae59fc5ee765755c5e1d098127

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.6

SRPM
x86_64
flash-plugin-11.2.202.468-1.el6_6.i686.rpm SHA-256: 300528f606c41cc2d5a4ce57891ff7a4b8f7f3524d117f1863a0f405bf7a3faf
i386
flash-plugin-11.2.202.468-1.el6_6.i686.rpm SHA-256: 300528f606c41cc2d5a4ce57891ff7a4b8f7f3524d117f1863a0f405bf7a3faf

Red Hat Enterprise Linux Server - AUS 6.6

SRPM
x86_64
flash-plugin-11.2.202.468-1.el6_6.i686.rpm SHA-256: 300528f606c41cc2d5a4ce57891ff7a4b8f7f3524d117f1863a0f405bf7a3faf

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.