Red Hat Bugzilla – Bug 1306015
flash-plugin: multiple code execution issues fixed in APSB16-04
Last modified: 2016-02-10 16:18:45 EST
Adobe Security Bulletin APSB16-04 for Adobe Flash Player describes multiple flaws that can possibly lead to code execution when Flash Player is used to play a specially crafted SWF file.
Quoting from the APSB16-04:
These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2016-0985).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984).
These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-0971).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981).
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Supplementary for Red Hat Enterprise Linux 5
Via RHSA-2016:0166 https://rhn.redhat.com/errata/RHSA-2016-0166.html