Red Hat Product Errata RHSA-2016:0610 - Security Advisory
Issued:
2016-04-08
Updated:
2016-04-08

RHSA-2016:0610 - Security Advisory

Synopsis

Critical: flash-plugin security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update upgrades Flash Player to version 11.2.202.616.

Security Fix(es):

  • This update fixes multiple vulnerabilities in Adobe Flash Player. These

vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted SWF
file that would cause flash-plugin to crash, execute arbitrary code, or disclose
sensitive information when the victim loaded a page containing the malicious SWF
content. (CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013,
CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018,
CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023,
CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028,
CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033)

Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.7 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.7 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.7 i386

Fixes

  • BZ - 1324353 - flash-plugin: multiple code execution issues fixed in APSB16-10

Red Hat Enterprise Linux Server 6

SRPM
x86_64
flash-plugin-11.2.202.616-1.el6_7.i686.rpm SHA-256: 180b7d67e70190f1a346be354b86eb6e9edcd30f0c1d8313f18c907a86df7092
i386
flash-plugin-11.2.202.616-1.el6_7.i686.rpm SHA-256: 180b7d67e70190f1a346be354b86eb6e9edcd30f0c1d8313f18c907a86df7092

Red Hat Enterprise Linux Server 5

SRPM
x86_64
flash-plugin-11.2.202.616-1.el5.i386.rpm SHA-256: c9a3ab0f9717086d8d19ba6a7707130b06becf9ba1d465364f1ee3420abd05d3
i386
flash-plugin-11.2.202.616-1.el5.i386.rpm SHA-256: c9a3ab0f9717086d8d19ba6a7707130b06becf9ba1d465364f1ee3420abd05d3

Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.7

SRPM
x86_64
flash-plugin-11.2.202.616-1.el6_7.i686.rpm SHA-256: 180b7d67e70190f1a346be354b86eb6e9edcd30f0c1d8313f18c907a86df7092
i386
flash-plugin-11.2.202.616-1.el6_7.i686.rpm SHA-256: 180b7d67e70190f1a346be354b86eb6e9edcd30f0c1d8313f18c907a86df7092

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
flash-plugin-11.2.202.616-1.el6_7.i686.rpm SHA-256: 180b7d67e70190f1a346be354b86eb6e9edcd30f0c1d8313f18c907a86df7092
i386
flash-plugin-11.2.202.616-1.el6_7.i686.rpm SHA-256: 180b7d67e70190f1a346be354b86eb6e9edcd30f0c1d8313f18c907a86df7092

Red Hat Enterprise Linux Workstation 5

SRPM
x86_64
flash-plugin-11.2.202.616-1.el5.i386.rpm SHA-256: c9a3ab0f9717086d8d19ba6a7707130b06becf9ba1d465364f1ee3420abd05d3
i386
flash-plugin-11.2.202.616-1.el5.i386.rpm SHA-256: c9a3ab0f9717086d8d19ba6a7707130b06becf9ba1d465364f1ee3420abd05d3

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
flash-plugin-11.2.202.616-1.el6_7.i686.rpm SHA-256: 180b7d67e70190f1a346be354b86eb6e9edcd30f0c1d8313f18c907a86df7092
i386
flash-plugin-11.2.202.616-1.el6_7.i686.rpm SHA-256: 180b7d67e70190f1a346be354b86eb6e9edcd30f0c1d8313f18c907a86df7092

Red Hat Enterprise Linux Desktop 5

SRPM
x86_64
flash-plugin-11.2.202.616-1.el5.i386.rpm SHA-256: c9a3ab0f9717086d8d19ba6a7707130b06becf9ba1d465364f1ee3420abd05d3
i386
flash-plugin-11.2.202.616-1.el5.i386.rpm SHA-256: c9a3ab0f9717086d8d19ba6a7707130b06becf9ba1d465364f1ee3420abd05d3

Red Hat Enterprise Linux Server from RHUI 6

SRPM
x86_64
flash-plugin-11.2.202.616-1.el6_7.i686.rpm SHA-256: 180b7d67e70190f1a346be354b86eb6e9edcd30f0c1d8313f18c907a86df7092
i386
flash-plugin-11.2.202.616-1.el6_7.i686.rpm SHA-256: 180b7d67e70190f1a346be354b86eb6e9edcd30f0c1d8313f18c907a86df7092

Red Hat Enterprise Linux Server from RHUI 5

SRPM
x86_64
flash-plugin-11.2.202.616-1.el5.i386.rpm SHA-256: c9a3ab0f9717086d8d19ba6a7707130b06becf9ba1d465364f1ee3420abd05d3
i386
flash-plugin-11.2.202.616-1.el5.i386.rpm SHA-256: c9a3ab0f9717086d8d19ba6a7707130b06becf9ba1d465364f1ee3420abd05d3

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.7

SRPM
x86_64
flash-plugin-11.2.202.616-1.el6_7.i686.rpm SHA-256: 180b7d67e70190f1a346be354b86eb6e9edcd30f0c1d8313f18c907a86df7092
i386
flash-plugin-11.2.202.616-1.el6_7.i686.rpm SHA-256: 180b7d67e70190f1a346be354b86eb6e9edcd30f0c1d8313f18c907a86df7092

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.