| Beschreibung: | Summary:
The remote host is missing an update for the 'flash-player-plugin' package(s) announced via the MGASA-2015-0218 advisory.
Vulnerability Insight:
Adobe Flash Player 11.2.202.460 contains fixes to critical security
vulnerabilities found in earlier versions that could cause a crash and
potentially allow an attacker to take control of the affected system.
This update resolves memory corruption vulnerabilities that could lead to
code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,
CVE-2015-3093).
This update resolves a heap overflow vulnerability that could lead to code
execution (CVE-2015-3088).
This update resolves a time-of-check time-of-use (TOCTOU) race condition
that could be exploited to bypass Protected Mode in Internet Explorer
(CVE-2015-3081).
This update resolves validation bypass issues that could be exploited to
write arbitrary data to the file system under user permissions
(CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).
This update resolves an integer overflow vulnerability that could lead to
code execution (CVE-2015-3087).
This update resolves a type confusion vulnerability that could lead to code
execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).
This update resolves a use-after-free vulnerability that could lead to code
execution (CVE-2015-3080).
This update resolves memory leak vulnerabilities that could be used to
bypass ASLR (CVE-2015-3091, CVE-2015-3092).
This update resolves a security bypass vulnerability that could lead to
information disclosure (CVE-2015-3079), and provides additional hardening
to protect against CVE-2015-3044.
Affected Software/OS:
'flash-player-plugin' package(s) on Mageia 4.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
