Lucene search

K
redhatRedHatRHSA-2015:0697
HistoryMar 17, 2015 - 12:00 a.m.

(RHSA-2015:0697) Critical: flash-plugin security update

2015-03-1700:00:00
access.redhat.com
14

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.3%

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-05
listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339,
CVE-2015-0334, CVE-2015-0336, CVE-2015-0338, CVE-2015-0341, CVE-2015-0342)

This update also fixes a cross-domain policy bypass flaw and a file upload
restriction bypass flaw. (CVE-2015-0337, CVE-2015-0340)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.451.

OSVersionArchitecturePackageVersionFilename
RedHat5i386flash-plugin< 11.2.202.451-1.el5flash-plugin-11.2.202.451-1.el5.i386.rpm
RedHat6i686flash-plugin< 11.2.202.451-1.el6flash-plugin-11.2.202.451-1.el6.i686.rpm

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.3%