Red Hat Enterprise Linux update for Adobe Flash Player



Updated: 2017-05-29
Risk: High
Patch available: YES
Number of vulnerabilities: 7
CVE-ID: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
CWE-ID: CWE-119, CWE-416
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: Red Hat Enterprise Linux for x86_64 (Operating systems & Components / Operating system)
Vendor: Red Hat Inc.

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU6440

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-3068

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Red Hat Enterprise Linux Server 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6

External links

http://access.redhat.com/errata/RHSA-2017:1219


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Memory corruption

EUVDB-ID: #VU6441

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3069

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Red Hat Enterprise Linux Server 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6

External links

http://access.redhat.com/errata/RHSA-2017:1219


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory corruption

EUVDB-ID: #VU6442

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3070

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Red Hat Enterprise Linux Server 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6

External links

http://access.redhat.com/errata/RHSA-2017:1219


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free error

EUVDB-ID: #VU6439

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3071

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Red Hat Enterprise Linux Server 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6

External links

http://access.redhat.com/errata/RHSA-2017:1219


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory corruption

EUVDB-ID: #VU6443

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3072

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Red Hat Enterprise Linux Server 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6

External links

http://access.redhat.com/errata/RHSA-2017:1219


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory corruption

EUVDB-ID: #VU6444

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3073

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Red Hat Enterprise Linux Server 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6

External links

http://access.redhat.com/errata/RHSA-2017:1219


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory corruption

EUVDB-ID: #VU6445

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3074

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when processing .swf files. A remote attacker can trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Red Hat Enterprise Linux Server 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e
i386
flash-plugin-25.0.0.171-1.el6_9.i686.rpm SHA-256: 4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6

External links

http://access.redhat.com/errata/RHSA-2017:1219


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
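
One way to check a host against the fix listed in the Mitigation sections, as an added example that is not part of the original bulletin: it compares the installed flash-plugin version-release with 25.0.0.171-1.el6_9 and checks a downloaded RPM against the published SHA-256. The function names are hypothetical, and GNU `sort -V` is assumed as an approximation of RPM's own version comparison.

```shell
#!/bin/sh
# Added example (not from the bulletin). Fixed version-release and SHA-256
# are the values listed in the Mitigation sections above.
FIXED_EVR="25.0.0.171-1.el6_9"
FIXED_SHA256="4c20baf46869df648ff38c2bd5160acf3e7fdfe426cd7dfadc55d99faf44b17e"

# evr_is_patched VERSION-RELEASE
# Succeeds when the argument sorts at or above FIXED_EVR. GNU `sort -V`
# stands in for RPM's comparison (assumption): adequate for flash-plugin's
# numeric versions with a constant release suffix.
evr_is_patched() {
    [ -n "$1" ] || return 1
    lowest=$(printf '%s\n%s\n' "$FIXED_EVR" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# rpm_matches_bulletin FILE [EXPECTED_SHA256]
# Succeeds when FILE hashes to the expected value (default: bulletin's hash).
# Returns 2 when FILE does not exist, 1 on a mismatch.
rpm_matches_bulletin() {
    file="$1"
    expected="${2:-$FIXED_SHA256}"
    [ -f "$file" ] || return 2
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# host_status
# Prints PATCHED, VULNERABLE or NOT_INSTALLED for the local host.
# NOT_INSTALLED also covers hosts where the rpm command is unavailable.
host_status() {
    if ! evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' flash-plugin 2>/dev/null); then
        echo "NOT_INSTALLED"
        return 0
    fi
    if evr_is_patched "$evr"; then
        echo "PATCHED ($evr)"
    else
        echo "VULNERABLE ($evr)"
    fi
}

# Run the live check only when invoked with --check.
if [ "${1:-}" = "--check" ]; then
    host_status
fi
```

Hash the package with `rpm_matches_bulletin` before installing it; a mismatch means the file is not the build the bulletin lists.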


