Bug 1221054 (CVE-2015-3091, CVE-2015-3092)

Summary: CVE-2015-3091 CVE-2015-3092 flash-plugin: information leaks leading to ASLR bypass (APSB15-09)
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: ed.costello, emhuang, mmelanso, mtilburg, stransky
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: flash-plugin 11.2.202.460 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-05-13 13:01:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1221038, 1221039, 1221040    
Bug Blocks: 1221049    

Description Tomas Hoger 2015-05-13 08:48:24 UTC 
Adobe Security Bulletin APSB15-09 for Adobe Flash Player describes two information leak issues which can possibly be used to bypass ASLR (Address space layout randomization) protection and make it easier to exploit other flaws.

Quoting from the APSB15-09:

These updates resolve memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-3091, CVE-2015-3092). 

External References:

https://helpx.adobe.com/security/products/flash-player/apsb15-09.html
Comment 1 errata-xmlrpc 2015-05-13 12:44:38 UTC 
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2015:1005 https://rhn.redhat.com/errata/RHSA-2015-1005.html