Bug 1375725 (CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932) - flash-plugin: multiple code execution issues fixed in APSB16-29
Summary: flash-plugin: multiple code execution issues fixed in APSB16-29
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1375728 1375729 1375730
Blocks: 1375726
TreeView+ depends on / blocked
 
Reported: 2016-09-13 20:36 UTC by Tomas Hoger
Modified: 2019-09-29 13:56 UTC (History)
5 users (show)

Fixed In Version: flash-plugin 11.2.202.635
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-14 07:24:13 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:1865 normal SHIPPED_LIVE Critical: flash-plugin security update 2016-09-14 11:14:02 UTC

Description Tomas Hoger 2016-09-13 20:36:26 UTC
Adobe Security Bulletin APSB16-29 for Adobe Flash Player describes multiple flaws that can possibly lead to code execution when Flash Player is used to play a specially crafted SWF file.

Quoting from the APSB16-29:

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2016-4287).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932).

These updates resolve security bypass vulnerabilities that could lead to information disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924).

External References:

https://helpx.adobe.com/security/products/flash-player/apsb16-29.html

Comment 1 Tomas Hoger 2016-09-13 20:38:52 UTC
Note that APSB16-29 claims to fix CVE-2016-4182, CVE-2016-4237, and CVE-2016-4238.  Those issue are also listed as fixed in APSB16-25 released in July - see bug 1355971.

Comment 3 Tomas Hoger 2016-09-14 06:24:38 UTC
(In reply to Tomas Hoger from comment #1)
> Note that APSB16-29 claims to fix CVE-2016-4182, CVE-2016-4237, and
> CVE-2016-4238.  Those issue are also listed as fixed in APSB16-25 released
> in July - see bug 1355971.

APSB16-29 was updated to remove those incorrectly listed CVEs:

  September 13, 2016: Removed CVE-2016-4182, CVE-2016-4237 and CVE-2016-4238,
  which were inadvertently included in the original version of this bulletin.

Comment 4 errata-xmlrpc 2016-09-14 07:16:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary
  Red Hat Enterprise Linux 5 Supplementary

Via RHSA-2016:1865 https://rhn.redhat.com/errata/RHSA-2016-1865.html


Note You need to log in before you can comment on or make changes to this bug.