Bug 1190068 (CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330, CVE-2015-0331)

Summary: flash-plugin: multiple code execution flaws (APSB15-04)
Product: [Other] Security Response
Reporter: Martin Prpič <mprpic>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: urgent
Priority: urgent
Version: unspecified
CC: ed.costello, emhuang, mmelanso, mtilburg, stransky, vkaigoro
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: flash 11.2.202.442
Doc Type: Bug Fix
Last Closed: 2015-02-06 14:55:29 UTC
Bug Depends On: 1190081, 1190082, 1190083
Bug Blocks: 1188332

Description Martin Prpič 2015-02-06 09:09:26 UTC
Adobe has released Flash Player 11.2.202.442 for Linux to correct the following flaws:

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330).

These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-0317, CVE-2015-0319).

These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323, CVE-2015-0327).

These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-0324).

These updates resolve null pointer dereference issues (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328).

External References:

https://helpx.adobe.com/security/products/flash-player/apsb15-04.html

Comment 2 Tomas Hoger 2015-02-06 13:12:45 UTC
Note that CVE-2015-0313 is tracked via separate bug 1188329. According to information in APSA15-02, Flash Player versions 11.x were not affected by that issue.

Comment 3 errata-xmlrpc 2015-02-06 14:38:10 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2015:0140 https://rhn.redhat.com/errata/RHSA-2015-0140.html

Comment 4 Vasyl Kaigorodov 2015-02-20 16:54:19 UTC
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html was updated today with:
"""
Added reference to CVE-2015-0331, which was resolved in 16.0.0.305, 13.0.0.269 and 11.2.202.442 but inadvertently omitted from the bulletin.  
"""
Adding alias.