(RHSA-2012:0144) Critical: flash-plugin security update

2012-02-1700:00:00

access.redhat.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB12-03, listed
in the References section.

Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-0752,
CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756)

A flaw in flash-plugin could allow an attacker to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2012-0767)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.3.183.15.

OSVersionArchitecturePackageVersionFilename
RedHat6i686flash-plugin< 10.3.183.15-1.el6flash-plugin-10.3.183.15-1.el6.i686.rpm
RedHat5i386flash-plugin< 10.3.183.15-1.el5flash-plugin-10.3.183.15-1.el5.i386.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	i686	flash-plugin	< 10.3.183.15-1.el6	flash-plugin-10.3.183.15-1.el6.i686.rpm
RedHat	5	i386	flash-plugin	< 10.3.183.15-1.el5	flash-plugin-10.3.183.15-1.el5.i386.rpm