Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-2987 (GCVE-0-2017-2987)
Vulnerability from cvelistv5
- Integer Overflow
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Adobe Flash Player 24.0.0.194 and earlier. |
Version: Adobe Flash Player 24.0.0.194 and earlier. |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:09:17.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96194", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96194" }, { "name": "GLSA-201702-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-20" }, { "name": "RHSA-2017:0275", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html" }, { "name": "1037815", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037815" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Adobe Flash Player 24.0.0.194 and earlier.", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Adobe Flash Player 24.0.0.194 and earlier." } ] } ], "datePublic": "2017-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Integer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "96194", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96194" }, { "name": "GLSA-201702-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201702-20" }, { "name": "RHSA-2017:0275", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html" }, { "name": "1037815", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037815" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2017-2987", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe Flash Player 24.0.0.194 and earlier.", "version": { "version_data": [ { "version_value": "Adobe Flash Player 24.0.0.194 and earlier." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Integer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "96194", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96194" }, { "name": "GLSA-201702-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-20" }, { "name": "RHSA-2017:0275", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html" }, { "name": "1037815", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037815" }, { "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2017-2987", "datePublished": "2017-02-15T06:11:00", "dateReserved": "2016-12-02T00:00:00", "dateUpdated": "2024-08-05T14:09:17.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-2987\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2017-02-15T06:59:00.620\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de desbordamiento de entero relacionada con Flash Broker COM. La explotaci\u00f3n exitosa podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\",\"versionEndIncluding\":\"24.0.0.194\",\"matchCriteriaId\":\"72027AB8-CD81-4DC3-9898-F4CE2BAE309A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\",\"versionEndIncluding\":\"24.0.0.194\",\"matchCriteriaId\":\"DB881360-123D-413E-88F3-C402DD92D1D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*\",\"versionEndIncluding\":\"24.0.0.194\",\"matchCriteriaId\":\"A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"24.0.0.194\",\"matchCriteriaId\":\"EAA0C4E6-7324-424C-A7C8-DEE39551A847\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0275.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/96194\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037815\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201702-20\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0275.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/96194\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037815\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201702-20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
gsd-2017-2987
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2017-2987", "description": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.", "id": "GSD-2017-2987", "references": [ "https://www.suse.com/security/cve/CVE-2017-2987.html", "https://access.redhat.com/errata/RHSA-2017:0275", "https://advisories.mageia.org/CVE-2017-2987.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2017-2987" ], "details": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.", "id": "GSD-2017-2987", "modified": "2023-12-13T01:21:05.632102Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2017-2987", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Adobe Flash Player 24.0.0.194 and earlier.", "version": { "version_data": [ { "version_value": "Adobe Flash Player 24.0.0.194 and earlier." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Integer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "96194", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96194" }, { "name": "GLSA-201702-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-20" }, { "name": "RHSA-2017:0275", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html" }, { "name": "1037815", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037815" }, { "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*", "cpe_name": [], "versionEndIncluding": "24.0.0.194", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*", "cpe_name": [], "versionEndIncluding": "24.0.0.194", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*", "cpe_name": [], "versionEndIncluding": "24.0.0.194", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "24.0.0.194", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2017-2987" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-190" } ] } ] }, "references": { "reference_data": [ { "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" }, { "name": "96194", "refsource": "BID", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96194" }, { "name": "GLSA-201702-20", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201702-20" }, { "name": "1037815", "refsource": "SECTRACK", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037815" }, { "name": "RHSA-2017:0275", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2022-11-17T20:59Z", "publishedDate": "2017-02-15T06:59Z" } } }
rhsa-2017_0275
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 24.0.0.221.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:0275", "url": "https://access.redhat.com/errata/RHSA-2017:0275" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" }, { "category": "external", "summary": "1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0275.json" } ], "title": "Red Hat Security Advisory: flash-plugin security update", "tracking": { "current_release_date": "2024-11-14T22:38:41+00:00", "generator": { "date": "2024-11-14T22:38:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2017:0275", "initial_release_date": "2017-02-15T10:38:01+00:00", "revision_history": [ { "date": "2017-02-15T10:38:01+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-02-15T10:38:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T22:38:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "product": { "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "product_id": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/flash-plugin@24.0.0.221-1.el6_8?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" }, "product_reference": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" }, "product_reference": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" }, "product_reference": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-2982", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2982" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2982", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2982" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2982", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2982" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2984", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2984" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2984", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2984" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2984", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2984" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2985", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2985" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2985", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2985" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2985", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2985" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2986", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2986" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2986", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2986" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2986", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2986" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2987", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2987" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2987", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2987" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2987", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2987" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2988", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2988" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2988", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2988" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2988", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2988" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2990", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2990" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2990", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2990" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2990", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2990" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2991", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2991" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2991", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2991" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2991", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2991" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2992", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2992" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2992", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2992" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2992", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2992" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2993", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2993" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2993", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2993" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2993", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2993" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2995", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2995" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2995", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2995" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2995", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2995" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2996", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2996" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2996", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2996" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2996", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2996" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" } ] }
RHSA-2017:0275
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 24.0.0.221.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:0275", "url": "https://access.redhat.com/errata/RHSA-2017:0275" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" }, { "category": "external", "summary": "1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0275.json" } ], "title": "Red Hat Security Advisory: flash-plugin security update", "tracking": { "current_release_date": "2024-11-14T22:38:41+00:00", "generator": { "date": "2024-11-14T22:38:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2017:0275", "initial_release_date": "2017-02-15T10:38:01+00:00", "revision_history": [ { "date": "2017-02-15T10:38:01+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-02-15T10:38:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T22:38:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "product": { "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "product_id": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/flash-plugin@24.0.0.221-1.el6_8?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" }, "product_reference": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" }, "product_reference": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" }, "product_reference": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-2982", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2982" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2982", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2982" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2982", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2982" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2984", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2984" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2984", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2984" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2984", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2984" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2985", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2985" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2985", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2985" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2985", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2985" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2986", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2986" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2986", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2986" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2986", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2986" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2987", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2987" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2987", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2987" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2987", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2987" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2988", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2988" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2988", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2988" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2988", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2988" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2990", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2990" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2990", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2990" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2990", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2990" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2991", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2991" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2991", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2991" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2991", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2991" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2992", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2992" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2992", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2992" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2992", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2992" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2993", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2993" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2993", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2993" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2993", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2993" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2995", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2995" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2995", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2995" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2995", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2995" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2996", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2996" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2996", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2996" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2996", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2996" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" } ] }
rhsa-2017:0275
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 24.0.0.221.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:0275", "url": "https://access.redhat.com/errata/RHSA-2017:0275" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" }, { "category": "external", "summary": "1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0275.json" } ], "title": "Red Hat Security Advisory: flash-plugin security update", "tracking": { "current_release_date": "2024-11-14T22:38:41+00:00", "generator": { "date": "2024-11-14T22:38:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2017:0275", "initial_release_date": "2017-02-15T10:38:01+00:00", "revision_history": [ { "date": "2017-02-15T10:38:01+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-02-15T10:38:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T22:38:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "product": { "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "product_id": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/flash-plugin@24.0.0.221-1.el6_8?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" }, "product_reference": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" }, "product_reference": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "flash-plugin-0:24.0.0.221-1.el6_8.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" }, "product_reference": "flash-plugin-0:24.0.0.221-1.el6_8.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-2982", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2982" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2982", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2982" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2982", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2982" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2984", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2984" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2984", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2984" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2984", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2984" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2985", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2985" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2985", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2985" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2985", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2985" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2986", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2986" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2986", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2986" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2986", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2986" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2987", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2987" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2987", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2987" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2987", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2987" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2988", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2988" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2988", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2988" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2988", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2988" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2990", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2990" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2990", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2990" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2990", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2990" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2991", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2991" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2991", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2991" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2991", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2991" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2992", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2992" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2992", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2992" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2992", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2992" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2993", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2993" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2993", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2993" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2993", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2993" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2995", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2995" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2995", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2995" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2995", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2995" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" }, { "cve": "CVE-2017-2996", "discovery_date": "2017-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422237" } ], "notes": [ { "category": "description", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "flash-plugin: multiple code execution issues fixed in APSB17-04", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2996" }, { "category": "external", "summary": "RHBZ#1422237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422237" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2996", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2996" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2996", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2996" }, { "category": "external", "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-02-15T10:38:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Server-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686", "6Workstation-Supplementary-6.8.z:flash-plugin-0:24.0.0.221-1.el6_8.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "flash-plugin: multiple code execution issues fixed in APSB17-04" } ] }
cnvd-2017-01780
Vulnerability from cnvd
Title: Adobe Flash Player整数溢出漏洞(CNVD-2017-01780)
Description:
Adobe Flash Player是美国Adobe公司开发的一款广泛使用的、专有的多媒体程序播放器。
Adobe Flash Player存在整数溢出漏洞,攻击者可利用漏洞构建恶意WEB页,诱使用户解析,可使应用程序崩溃或执行任意代码。
Severity: 高
Patch Name: Adobe Flash Player整数溢出漏洞(CNVD-2017-01780)的补丁
Patch Description:
Adobe Flash Player是美国Adobe公司开发的一款广泛使用的、专有的多媒体程序播放器。
Adobe Flash Player存在整数溢出漏洞,攻击者可利用漏洞构建恶意WEB页,诱使用户解析,可使应用程序崩溃或执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
Reference: https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
Name | ['Adobe Flash Player(for Microsoft Edge and Internet Explorer 11) <=24.0.0.194', 'Adobe Flash Player(for Google Chrome) <=24.0.0.194', 'Adobe Flash Player Desktop Runtime <=24.0.0.194'] |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2017-2987" } }, "description": "Adobe Flash Player\u662f\u7f8e\u56fdAdobe\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e\u5e7f\u6cdb\u4f7f\u7528\u7684\u3001\u4e13\u6709\u7684\u591a\u5a92\u4f53\u7a0b\u5e8f\u64ad\u653e\u5668\u3002 \r\n\r\nAdobe Flash Player\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002", "discovererName": "Adobe", "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2017-01780", "openTime": "2017-02-22", "patchDescription": "Adobe Flash Player\u662f\u7f8e\u56fdAdobe\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e\u5e7f\u6cdb\u4f7f\u7528\u7684\u3001\u4e13\u6709\u7684\u591a\u5a92\u4f53\u7a0b\u5e8f\u64ad\u653e\u5668\u3002 \r\n\r\nAdobe Flash Player\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "Adobe Flash Player\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2017-01780\uff09\u7684\u8865\u4e01", "products": { "product": [ "Adobe Flash Player\uff08for Microsoft Edge and Internet Explorer 11\uff09 \u003c=24.0.0.194", "Adobe Flash Player\uff08for Google Chrome\uff09 \u003c=24.0.0.194", "Adobe Flash Player Desktop Runtime \u003c=24.0.0.194" ] }, "referenceLink": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "serverity": "\u9ad8", "submitTime": "2017-02-15", "title": "Adobe Flash Player\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2017-01780\uff09" }
suse-su-2017:0523-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for flash-player", "title": "Title of the patch" }, { "category": "description", "text": "\nThe Adobe flash-player was updated to 24.0.0.221 to fix the following issues:\n\nSecurity update to 24.0.0.221 (bsc#1025258), fixing the following\n vulnerabilities advised under APSB17-04:\n\n* type confusion vulnerability that could lead to code execution (CVE-2017-2995).\n* integer overflow vulnerability that could lead to code execution (CVE-2017-2987).\n* use-after-free vulnerabilities that could lead to code execution (CVE-2017-2982, CVE-2017-2985, CVE-2017-2993, CVE-2017-2994).\n* heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017- 2984, CVE-2017-2986, CVE-2017-2992).\n* memory corruption vulnerabilities that could lead to code execution (CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2996).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-DESKTOP-12-SP1-2017-268,SUSE-SLE-WE-12-SP1-2017-268", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0523-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2017:0523-1", "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170523-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2017:0523-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-February/002657.html" }, { "category": "self", "summary": "SUSE Bug 1025258", "url": "https://bugzilla.suse.com/1025258" }, { "category": "self", "summary": "SUSE CVE CVE-2017-2982 page", "url": "https://www.suse.com/security/cve/CVE-2017-2982/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-2985 page", "url": "https://www.suse.com/security/cve/CVE-2017-2985/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-2986 page", "url": "https://www.suse.com/security/cve/CVE-2017-2986/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-2987 page", "url": "https://www.suse.com/security/cve/CVE-2017-2987/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-2988 page", "url": "https://www.suse.com/security/cve/CVE-2017-2988/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-2990 page", "url": "https://www.suse.com/security/cve/CVE-2017-2990/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-2991 page", "url": "https://www.suse.com/security/cve/CVE-2017-2991/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-2992 page", "url": "https://www.suse.com/security/cve/CVE-2017-2992/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-2993 page", "url": "https://www.suse.com/security/cve/CVE-2017-2993/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-2994 page", "url": "https://www.suse.com/security/cve/CVE-2017-2994/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-2995 page", "url": "https://www.suse.com/security/cve/CVE-2017-2995/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-2996 page", "url": "https://www.suse.com/security/cve/CVE-2017-2996/" } ], "title": "Security update for flash-player", "tracking": { "current_release_date": "2017-02-20T12:06:55Z", "generator": { "date": "2017-02-20T12:06:55Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2017:0523-1", "initial_release_date": "2017-02-20T12:06:55Z", "revision_history": [ { "date": "2017-02-20T12:06:55Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "flash-player-24.0.0.221-158.1.x86_64", "product": { "name": "flash-player-24.0.0.221-158.1.x86_64", "product_id": "flash-player-24.0.0.221-158.1.x86_64" } }, { "category": "product_version", "name": "flash-player-gnome-24.0.0.221-158.1.x86_64", "product": { "name": "flash-player-gnome-24.0.0.221-158.1.x86_64", "product_id": "flash-player-gnome-24.0.0.221-158.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP1", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP1", "product_id": "SUSE Linux Enterprise Desktop 12 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Workstation Extension 12 SP1", "product": { "name": "SUSE Linux Enterprise Workstation Extension 12 SP1", "product_id": "SUSE Linux Enterprise Workstation Extension 12 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-we:12:sp1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "flash-player-24.0.0.221-158.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", "product_id": "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64" }, "product_reference": "flash-player-24.0.0.221-158.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "flash-player-gnome-24.0.0.221-158.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", "product_id": "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" }, "product_reference": "flash-player-gnome-24.0.0.221-158.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "flash-player-24.0.0.221-158.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP1", "product_id": "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64" }, "product_reference": "flash-player-24.0.0.221-158.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "flash-player-gnome-24.0.0.221-158.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP1", "product_id": "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" }, "product_reference": "flash-player-gnome-24.0.0.221-158.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP1" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-2982", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-2982" } ], "notes": [ { "category": "general", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-2982", "url": "https://www.suse.com/security/cve/CVE-2017-2982" }, { "category": "external", "summary": "SUSE Bug 1025258 for CVE-2017-2982", "url": "https://bugzilla.suse.com/1025258" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-02-20T12:06:55Z", "details": "critical" } ], "title": "CVE-2017-2982" }, { "cve": "CVE-2017-2985", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-2985" } ], "notes": [ { "category": "general", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-2985", "url": "https://www.suse.com/security/cve/CVE-2017-2985" }, { "category": "external", "summary": "SUSE Bug 1025258 for CVE-2017-2985", "url": "https://bugzilla.suse.com/1025258" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-02-20T12:06:55Z", "details": "critical" } ], "title": "CVE-2017-2985" }, { "cve": "CVE-2017-2986", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-2986" } ], "notes": [ { "category": "general", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-2986", "url": "https://www.suse.com/security/cve/CVE-2017-2986" }, { "category": "external", "summary": "SUSE Bug 1025258 for CVE-2017-2986", "url": "https://bugzilla.suse.com/1025258" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-02-20T12:06:55Z", "details": "critical" } ], "title": "CVE-2017-2986" }, { "cve": "CVE-2017-2987", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-2987" } ], "notes": [ { "category": "general", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-2987", "url": "https://www.suse.com/security/cve/CVE-2017-2987" }, { "category": "external", "summary": "SUSE Bug 1025258 for CVE-2017-2987", "url": "https://bugzilla.suse.com/1025258" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-02-20T12:06:55Z", "details": "critical" } ], "title": "CVE-2017-2987" }, { "cve": "CVE-2017-2988", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-2988" } ], "notes": [ { "category": "general", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-2988", "url": "https://www.suse.com/security/cve/CVE-2017-2988" }, { "category": "external", "summary": "SUSE Bug 1025258 for CVE-2017-2988", "url": "https://bugzilla.suse.com/1025258" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-02-20T12:06:55Z", "details": "critical" } ], "title": "CVE-2017-2988" }, { "cve": "CVE-2017-2990", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-2990" } ], "notes": [ { "category": "general", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-2990", "url": "https://www.suse.com/security/cve/CVE-2017-2990" }, { "category": "external", "summary": "SUSE Bug 1025258 for CVE-2017-2990", "url": "https://bugzilla.suse.com/1025258" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-02-20T12:06:55Z", "details": "critical" } ], "title": "CVE-2017-2990" }, { "cve": "CVE-2017-2991", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-2991" } ], "notes": [ { "category": "general", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-2991", "url": "https://www.suse.com/security/cve/CVE-2017-2991" }, { "category": "external", "summary": "SUSE Bug 1025258 for CVE-2017-2991", "url": "https://bugzilla.suse.com/1025258" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-02-20T12:06:55Z", "details": "critical" } ], "title": "CVE-2017-2991" }, { "cve": "CVE-2017-2992", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-2992" } ], "notes": [ { "category": "general", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-2992", "url": "https://www.suse.com/security/cve/CVE-2017-2992" }, { "category": "external", "summary": "SUSE Bug 1025258 for CVE-2017-2992", "url": "https://bugzilla.suse.com/1025258" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-02-20T12:06:55Z", "details": "critical" } ], "title": "CVE-2017-2992" }, { "cve": "CVE-2017-2993", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-2993" } ], "notes": [ { "category": "general", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-2993", "url": "https://www.suse.com/security/cve/CVE-2017-2993" }, { "category": "external", "summary": "SUSE Bug 1025258 for CVE-2017-2993", "url": "https://bugzilla.suse.com/1025258" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-02-20T12:06:55Z", "details": "critical" } ], "title": "CVE-2017-2993" }, { "cve": "CVE-2017-2994", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-2994" } ], "notes": [ { "category": "general", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-2994", "url": "https://www.suse.com/security/cve/CVE-2017-2994" }, { "category": "external", "summary": "SUSE Bug 1025258 for CVE-2017-2994", "url": "https://bugzilla.suse.com/1025258" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-02-20T12:06:55Z", "details": "critical" } ], "title": "CVE-2017-2994" }, { "cve": "CVE-2017-2995", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-2995" } ], "notes": [ { "category": "general", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-2995", "url": "https://www.suse.com/security/cve/CVE-2017-2995" }, { "category": "external", "summary": "SUSE Bug 1025258 for CVE-2017-2995", "url": "https://bugzilla.suse.com/1025258" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-02-20T12:06:55Z", "details": "critical" } ], "title": "CVE-2017-2995" }, { "cve": "CVE-2017-2996", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-2996" } ], "notes": [ { "category": "general", "text": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-2996", "url": "https://www.suse.com/security/cve/CVE-2017-2996" }, { "category": "external", "summary": "SUSE Bug 1025258 for CVE-2017-2996", "url": "https://bugzilla.suse.com/1025258" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-24.0.0.221-158.1.x86_64", "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-24.0.0.221-158.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2017-02-20T12:06:55Z", "details": "critical" } ], "title": "CVE-2017-2996" } ] }
fkie_cve-2017-2987
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
adobe | flash_player | * | |
apple | mac_os_x | - | |
chrome_os | - | ||
linux | linux_kernel | - | |
microsoft | windows | - | |
adobe | flash_player | * | |
adobe | flash_player | * | |
microsoft | windows_10 | - | |
microsoft | windows_8.1 | - | |
adobe | flash_player_desktop_runtime | * | |
apple | mac_os_x | - | |
linux | linux_kernel | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*", "matchCriteriaId": "72027AB8-CD81-4DC3-9898-F4CE2BAE309A", "versionEndIncluding": "24.0.0.194", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false }, { "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*", "matchCriteriaId": "DB881360-123D-413E-88F3-C402DD92D1D1", "versionEndIncluding": "24.0.0.194", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*", "matchCriteriaId": "A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB", "versionEndIncluding": "24.0.0.194", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAA0C4E6-7324-424C-A7C8-DEE39551A847", "versionEndIncluding": "24.0.0.194", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution." }, { "lang": "es", "value": "Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de desbordamiento de entero relacionada con Flash Broker COM. La explotaci\u00f3n exitosa podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], "id": "CVE-2017-2987", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-15T06:59:00.620", "references": [ { "source": "psirt@adobe.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html" }, { "source": "psirt@adobe.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96194" }, { "source": "psirt@adobe.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037815" }, { "source": "psirt@adobe.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" }, { "source": "psirt@adobe.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201702-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037815" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201702-20" } ], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
ghsa-cqr9-g2qv-xv6v
Vulnerability from github
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.
{ "affected": [], "aliases": [ "CVE-2017-2987" ], "database_specific": { "cwe_ids": [ "CWE-190" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2017-02-15T06:59:00Z", "severity": "CRITICAL" }, "details": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.", "id": "GHSA-cqr9-g2qv-xv6v", "modified": "2022-05-14T03:54:52Z", "published": "2022-05-14T03:54:52Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2987" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201702-20" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/96194" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1037815" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.