Bug 1252697 (CVE-2015-5127, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)

Summary: flash-plugin: multiple code execution flaws (APSB15-19)
Product: [Other] Security Response Reporter: Martin Prpič <mprpic>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: ed.costello, emhuang, mmelanso, stransky, vkaigoro
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: flash-plugin 11.2.202.508 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-12 15:49:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1252709, 1252710, 1252711    
Bug Blocks: 1252700    

Description Martin Prpič 2015-08-12 06:17:11 UTC 
Adobe Security Bulletin APSB15-19 for Adobe Flash Player describes multiple flaws that can possibly lead to code execution when Flash Player is used to play a specially crafted SWF file.

Quoting from the APSB15-19:

These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).

These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541).

These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553).

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).

External References:

https://helpx.adobe.com/security/products/flash-player/apsb15-19.html
Comment 2 errata-xmlrpc 2015-08-12 15:39:29 UTC 
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2015:1603 https://rhn.redhat.com/errata/RHSA-2015-1603.html
Comment 3 Martin Prpič 2015-10-09 11:20:30 UTC 
Removed CVE-2015-5128 based on reject notice from MITRE:

Name: CVE-2015-5128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5128

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This
candidate was withdrawn by its CNA. Further investigation showed that
it was not a security issue. Notes: none.