(RHSA-2015:1005) Critical: flash-plugin security update

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-09
listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-3077, CVE-2015-3078, CVE-2015-3080, CVE-2015-3082,
CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,
CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)

A security bypass flaw was found in flash-plugin that could lead to the
disclosure of sensitive information. (CVE-2015-3079)

Two memory information leak flaws were found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
(CVE-2015-3091, CVE-2015-3092)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.460.