| Beschreibung: | Summary:
The remote host is missing an update for the 'flash-player-plugin' package(s) announced via the MGASA-2016-0134 advisory.
Vulnerability Insight:
Adobe Flash Player 11.2.202.616 contains fixes to critical security
vulnerabilities found in earlier versions that could potentially allow
an attacker to take control of the affected system.
This update hardens a mitigation against JIT spraying attacks that could
be used to bypass memory layout randomization mitigations (CVE-2016-1006).
This update resolves type confusion vulnerabilities that could lead to code
execution (CVE-2016-1015, CVE-2016-1019).
This update resolves use-after-free vulnerabilities that could lead to code
execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, CVE-2016-1017,
CVE-2016-1031).
This update resolves memory corruption vulnerabilities that could lead to code
execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,
CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027,
CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033).
This update resolves a stack overflow vulnerability that could lead to code
execution (CVE-2016-1018).
This update resolves a security bypass vulnerability (CVE-2016-1030).
This update resolves a vulnerability in the directory search path used to find
resources that could lead to code execution (CVE-2016-1014).
Adobe reports that CVE-2016-1019 is already being actively exploited on Windows
systems.
Affected Software/OS:
'flash-player-plugin' package(s) on Mageia 5.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
