Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5054 to the following vulnerability: Name: CVE-2012-5054 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5054 Assigned: 20120921 Reference: http://packetstormsecurity.org/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.html Reference: http://www.adobe.com/support/security/bulletins/apsb12-19.html Reference: http://www.vupen.com/english/services/ba-index.php Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
I've asked Adobe for clarification as to whether this affects the Linux version (11.2.x) that was also fixed via APSB12-19, so we're currently unsure whether this affects RHEL or not, or whether it is has been fixed or not if it had.
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:1173 https://rhn.redhat.com/errata/RHSA-2012-1173.html This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Via RHSA-2012:1203 https://rhn.redhat.com/errata/RHSA-2012-1203.html
Adobe has finally clarified that, for Linux, CVE-2012-5054 affects Flash Player version 11.2.202.236 and earlier, and was addressed in 11.2.202.238 (see APSB12-19 for more details).