Red Hat Bugzilla – Bug 1265121
flash-plugin: information leaks and hardening bypass fixed in APSB15-23
Last modified: 2015-11-24 07:24:28 EST
Adobe Security Bulletin APSB15-23 for Adobe Flash Player describes multiple flaws that can possibly lead to disclosure of sensitive information or allow bypass of exploitation protections when Flash Player is used to play a specially crafted SWF file.
Quoting from APSB15-23:
These updates include additional validation checks to ensure that Flash Player rejects malicious content from vulnerable JSONP callback APIs (CVE-2015-5571).
These updates resolve a memory leak vulnerability (CVE-2015-5576).
These updates include further hardening to a mitigation to defend against vector length corruptions (CVE-2015-5568).
These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-5572).
These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-6679).
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Supplementary for Red Hat Enterprise Linux 5
Via RHSA-2015:1814 https://rhn.redhat.com/errata/RHSA-2015-1814.html