Bug 1375725 (CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932)

Summary: flash-plugin: multiple code execution issues fixed in APSB16-29
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: ed.costello, emhuang, mmelanso, mtilburg, stransky
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: flash-plugin 11.2.202.635 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-14 07:24:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1375728, 1375729, 1375730    
Bug Blocks: 1375726    

Description Tomas Hoger 2016-09-13 20:36:26 UTC
Adobe Security Bulletin APSB16-29 for Adobe Flash Player describes multiple flaws that can possibly lead to code execution when Flash Player is used to play a specially crafted SWF file.

Quoting from the APSB16-29:

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2016-4287).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932).

These updates resolve security bypass vulnerabilities that could lead to information disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924).

External References:

https://helpx.adobe.com/security/products/flash-player/apsb16-29.html

Comment 1 Tomas Hoger 2016-09-13 20:38:52 UTC
Note that APSB16-29 claims to fix CVE-2016-4182, CVE-2016-4237, and CVE-2016-4238.  Those issue are also listed as fixed in APSB16-25 released in July - see bug 1355971.

Comment 3 Tomas Hoger 2016-09-14 06:24:38 UTC
(In reply to Tomas Hoger from comment #1)
> Note that APSB16-29 claims to fix CVE-2016-4182, CVE-2016-4237, and
> CVE-2016-4238.  Those issue are also listed as fixed in APSB16-25 released
> in July - see bug 1355971.

APSB16-29 was updated to remove those incorrectly listed CVEs:

  September 13, 2016: Removed CVE-2016-4182, CVE-2016-4237 and CVE-2016-4238,
  which were inadvertently included in the original version of this bulletin.

Comment 4 errata-xmlrpc 2016-09-14 07:16:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary
  Red Hat Enterprise Linux 5 Supplementary

Via RHSA-2016:1865 https://rhn.redhat.com/errata/RHSA-2016-1865.html