Adobe Security Bulletin APSB16-39 for Adobe Flash Player describes multiple flaws that can possibly lead to code execution when Flash Player is used to play a specially crafted SWF file.
Quoting from the APSB16-39:
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-7872, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7892).
These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-7871, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876).
These updates resolve a security bypass vulnerability (CVE-2016-7890).
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2016:2947 https://rhn.redhat.com/errata/RHSA-2016-2947.html
Are there any plans to fix this in RHEL5?
New Flash version is no longer compatible with Red Hat Enterprise Linux 5, see bug 1404590.