ID de Prueba:	1.3.6.1.4.1.25623.1.0.131312
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0134)
Resumen:	The remote host is missing an update for the 'flash-player-plugin' package(s) announced via the MGASA-2016-0134 advisory.
Descripción:	Summary: The remote host is missing an update for the 'flash-player-plugin' package(s) announced via the MGASA-2016-0134 advisory. Vulnerability Insight: Adobe Flash Player 11.2.202.616 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update hardens a mitigation against JIT spraying attacks that could be used to bypass memory layout randomization mitigations (CVE-2016-1006). This update resolves type confusion vulnerabilities that could lead to code execution (CVE-2016-1015, CVE-2016-1019). This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, CVE-2016-1031). This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033). This update resolves a stack overflow vulnerability that could lead to code execution (CVE-2016-1018). This update resolves a security bypass vulnerability (CVE-2016-1030). This update resolves a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-1014). Adobe reports that CVE-2016-1019 is already being actively exploited on Windows systems. Affected Software/OS: 'flash-player-plugin' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1006 Microsoft Security Bulletin: MS16-050 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 RedHat Security Advisories: RHSA-2016:0610 http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securitytracker.com/id/1035509 SuSE Security Announcement: SUSE-SU-2016:1305 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html SuSE Security Announcement: openSUSE-SU-2016:1306 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html Common Vulnerability Exposure (CVE) ID: CVE-2016-1011 BugTraq ID: 85926 http://www.securityfocus.com/bid/85926 https://www.exploit-db.com/exploits/39779/ http://packetstormsecurity.com/files/137050/Adobe-Flash-MovieClip.duplicateMovieClip-Use-After-Free.html Common Vulnerability Exposure (CVE) ID: CVE-2016-1012 BugTraq ID: 85932 http://www.securityfocus.com/bid/85932 Common Vulnerability Exposure (CVE) ID: CVE-2016-1013 https://www.exploit-db.com/exploits/39778/ Common Vulnerability Exposure (CVE) ID: CVE-2016-1014 Bugtraq: 20160617 [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player (Google Search) http://www.securityfocus.com/archive/1/538699/100/0/threaded http://seclists.org/fulldisclosure/2016/Jun/39 http://packetstormsecurity.com/files/137532/Adobe-Flash-Player-DLL-Hijacking.html Common Vulnerability Exposure (CVE) ID: CVE-2016-1015 BugTraq ID: 85930 http://www.securityfocus.com/bid/85930 http://www.zerodayinitiative.com/advisories/ZDI-16-227/ Common Vulnerability Exposure (CVE) ID: CVE-2016-1016 http://www.zerodayinitiative.com/advisories/ZDI-16-226/ Common Vulnerability Exposure (CVE) ID: CVE-2016-1017 http://www.zerodayinitiative.com/advisories/ZDI-16-225/ Common Vulnerability Exposure (CVE) ID: CVE-2016-1018 http://www.zerodayinitiative.com/advisories/ZDI-16-228/ Common Vulnerability Exposure (CVE) ID: CVE-2016-1019 BugTraq ID: 85856 http://www.securityfocus.com/bid/85856 https://security.gentoo.org/glsa/201606-08 https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html http://www.securitytracker.com/id/1035491 SuSE Security Announcement: SUSE-SU-2016:0990 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html SuSE Security Announcement: openSUSE-SU-2016:0987 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html SuSE Security Announcement: openSUSE-SU-2016:0997 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html SuSE Security Announcement: openSUSE-SU-2016:1157 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html Common Vulnerability Exposure (CVE) ID: CVE-2016-1020 Common Vulnerability Exposure (CVE) ID: CVE-2016-1021 Common Vulnerability Exposure (CVE) ID: CVE-2016-1022 Common Vulnerability Exposure (CVE) ID: CVE-2016-1023 Common Vulnerability Exposure (CVE) ID: CVE-2016-1024 Common Vulnerability Exposure (CVE) ID: CVE-2016-1025 Common Vulnerability Exposure (CVE) ID: CVE-2016-1026 Common Vulnerability Exposure (CVE) ID: CVE-2016-1027 Common Vulnerability Exposure (CVE) ID: CVE-2016-1028 Common Vulnerability Exposure (CVE) ID: CVE-2016-1029 Common Vulnerability Exposure (CVE) ID: CVE-2016-1030 Common Vulnerability Exposure (CVE) ID: CVE-2016-1031 Common Vulnerability Exposure (CVE) ID: CVE-2016-1032 Common Vulnerability Exposure (CVE) ID: CVE-2016-1033
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.