Red Hat Bugzilla – Bug 1294580
flash-plugin: multiple code execution issues fixed in APSB16-01
Last modified: 2016-11-08 10:53:12 EST
Adobe Security Bulletin APSB16-01 for Adobe Flash Player describes multiple flaws that can possibly lead to code execution when Flash Player is used to play a specially crafted SWF file.
Quoting from APSB16-01:
These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8644).
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8651).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645).
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:2697 https://rhn.redhat.com/errata/RHSA-2015-2697.html
Update from 2016/06/23:
"June 23, 2016: Added reference for CVE-2016-0959, which was resolved in these updates but inadvertently omitted from the original version of the bulletin."