
Test ID: 1.3.6.1.4.1.25623.1.0.131312
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2016-0134)
Summary: The remote host is missing an update for the 'flash-player-plugin' package(s) announced via the MGASA-2016-0134 advisory.
Description:

Vulnerability Insight:
Adobe Flash Player 11.2.202.616 contains fixes to critical security
vulnerabilities found in earlier versions that could potentially allow
an attacker to take control of the affected system.

This update hardens a mitigation against JIT spraying attacks that could
be used to bypass memory layout randomization mitigations (CVE-2016-1006).

This update resolves type confusion vulnerabilities that could lead to code
execution (CVE-2016-1015, CVE-2016-1019).

This update resolves use-after-free vulnerabilities that could lead to code
execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, CVE-2016-1017,
CVE-2016-1031).

This update resolves memory corruption vulnerabilities that could lead to code
execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,
CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027,
CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033).

This update resolves a stack overflow vulnerability that could lead to code
execution (CVE-2016-1018).

This update resolves a security bypass vulnerability (CVE-2016-1030).

This update resolves a vulnerability in the directory search path used to find
resources that could lead to code execution (CVE-2016-1014).

Adobe reports that CVE-2016-1019 is already being actively exploited on Windows
systems.

Affected Software/OS:
'flash-player-plugin' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-1006
Microsoft Security Bulletin: MS16-050
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050
RedHat Security Advisories: RHSA-2016:0610
http://rhn.redhat.com/errata/RHSA-2016-0610.html
http://www.securitytracker.com/id/1035509
SuSE Security Announcement: SUSE-SU-2016:1305
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
SuSE Security Announcement: openSUSE-SU-2016:1306
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-1011
BugTraq ID: 85926
http://www.securityfocus.com/bid/85926
https://www.exploit-db.com/exploits/39779/
http://packetstormsecurity.com/files/137050/Adobe-Flash-MovieClip.duplicateMovieClip-Use-After-Free.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-1012
BugTraq ID: 85932
http://www.securityfocus.com/bid/85932
Common Vulnerability Exposure (CVE) ID: CVE-2016-1013
https://www.exploit-db.com/exploits/39778/
Common Vulnerability Exposure (CVE) ID: CVE-2016-1014
Bugtraq: 20160617 [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player
http://www.securityfocus.com/archive/1/538699/100/0/threaded
http://seclists.org/fulldisclosure/2016/Jun/39
http://packetstormsecurity.com/files/137532/Adobe-Flash-Player-DLL-Hijacking.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-1015
BugTraq ID: 85930
http://www.securityfocus.com/bid/85930
http://www.zerodayinitiative.com/advisories/ZDI-16-227/
Common Vulnerability Exposure (CVE) ID: CVE-2016-1016
http://www.zerodayinitiative.com/advisories/ZDI-16-226/
Common Vulnerability Exposure (CVE) ID: CVE-2016-1017
http://www.zerodayinitiative.com/advisories/ZDI-16-225/
Common Vulnerability Exposure (CVE) ID: CVE-2016-1018
http://www.zerodayinitiative.com/advisories/ZDI-16-228/
Common Vulnerability Exposure (CVE) ID: CVE-2016-1019
BugTraq ID: 85856
http://www.securityfocus.com/bid/85856
https://security.gentoo.org/glsa/201606-08
https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html
http://www.securitytracker.com/id/1035491
SuSE Security Announcement: SUSE-SU-2016:0990
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html
SuSE Security Announcement: openSUSE-SU-2016:0987
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html
SuSE Security Announcement: openSUSE-SU-2016:0997
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html
SuSE Security Announcement: openSUSE-SU-2016:1157
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-1020
Common Vulnerability Exposure (CVE) ID: CVE-2016-1021
Common Vulnerability Exposure (CVE) ID: CVE-2016-1022
Common Vulnerability Exposure (CVE) ID: CVE-2016-1023
Common Vulnerability Exposure (CVE) ID: CVE-2016-1024
Common Vulnerability Exposure (CVE) ID: CVE-2016-1025
Common Vulnerability Exposure (CVE) ID: CVE-2016-1026
Common Vulnerability Exposure (CVE) ID: CVE-2016-1027
Common Vulnerability Exposure (CVE) ID: CVE-2016-1028
Common Vulnerability Exposure (CVE) ID: CVE-2016-1029
Common Vulnerability Exposure (CVE) ID: CVE-2016-1030
Common Vulnerability Exposure (CVE) ID: CVE-2016-1031
Common Vulnerability Exposure (CVE) ID: CVE-2016-1032
Common Vulnerability Exposure (CVE) ID: CVE-2016-1033
Copyright: Copyright (C) 2016 Greenbone AG
