Bug 1240832 (CVE-2015-5119)

Summary: CVE-2015-5119 flash-plugin: code execution issue in APSA15-03 / APSB15-16
Product: [Other] Security Response
Reporter: Tomas Hoger <thoger>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: urgent
Priority: urgent
Version: unspecified
CC: ed.costello, emhuang, mmelanso, mtilburg, stransky
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: flash-plugin 11.2.202.481
Doc Type: Bug Fix
Last Closed: 2015-07-08 21:29:19 UTC
Bug Depends On: 1240835, 1240836, 1240837
Bug Blocks: 1240834

Description Tomas Hoger 2015-07-07 21:21:43 UTC
Adobe Security Advisory APSA15-03 for Adobe Flash Player documents a flaw that can possibly lead to code execution when Flash Player is used to play a specially crafted SWF file.

Quoting from the APSA15-03:

A critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  

Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8, 2015.

https://helpx.adobe.com/security/products/flash-player/apsa15-03.html

Comment 2 Tomas Hoger 2015-07-08 14:49:57 UTC
According to the information from CERT and antivirus vendors, this issue was made public when an exploit for it was found in the data dump from the Hacking Team incident.  The issue is reported to be a use-after-free vulnerability in ActionScript 3 ByteArray.  Exploits for this flaw are being incorporated into popular exploit kits.

http://www.kb.cert.org/vuls/id/561288
http://www.symantec.com/connect/blogs/leaked-flash-zero-day-likely-be-exploited-attackers
http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-flash-zero-day-integrated-into-exploit-kits/

Comment 3 Tomas Hoger 2015-07-08 15:50:35 UTC
This issue is fixed now in version 11.2.202.481.

Adobe Security Bulletin APSB15-16 for Adobe Flash Player confirms this is a use-after-free vulnerability:

These updates resolve use-after-free vulnerabilities that could lead to code execution (..., CVE-2015-5119).

External References:

https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html

Comment 4 errata-xmlrpc 2015-07-08 20:47:32 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2015:1214 https://rhn.redhat.com/errata/RHSA-2015-1214.html