 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2015.0109 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2015-0109) |
| Summary: | The remote host is missing an update for the 'flash-player-plugin' package(s) announced via the MGASA-2015-0109 advisory. |
| Description: | Summary: The remote host is missing an update for the 'flash-player-plugin' package(s) announced via the MGASA-2015-0109 advisory. Vulnerability Insight: Adobe Flash Player 11.2.202.451 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339). This update resolves type confusion vulnerabilities that could lead to code execution (CVE-2015-0334, CVE-2015-0336). This update resolves a vulnerability that could lead to a cross-domain policy bypass (CVE-2015-0337). This update resolves a vulnerability that could lead to a file upload restriction bypass (CVE-2015-0340). This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2015-0338). This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2015-0341, CVE-2015-0342). Additionally, the Flash Plugin package downloaded from Adobe is now verified using recorded sha256sum and file size instead of using insecure md5sum (mga#15229). Affected Software/OS: 'flash-player-plugin' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-0332 https://security.gentoo.org/glsa/201503-09 RedHat Security Advisories: RHSA-2015:0697 http://rhn.redhat.com/errata/RHSA-2015-0697.html http://www.securitytracker.com/id/1031922 SuSE Security Announcement: SUSE-SU-2015:0491 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.html SuSE Security Announcement: SUSE-SU-2015:0493 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.html SuSE Security Announcement: openSUSE-SU-2015:0490 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:0496 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.html SuSE Security Announcement: openSUSE-SU-2015:0725 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html Common Vulnerability Exposure (CVE) ID: CVE-2015-0333 Common Vulnerability Exposure (CVE) ID: CVE-2015-0334 Common Vulnerability Exposure (CVE) ID: CVE-2015-0335 Common Vulnerability Exposure (CVE) ID: CVE-2015-0336 BugTraq ID: 73084 http://www.securityfocus.com/bid/73084 https://www.exploit-db.com/exploits/36962/ Common Vulnerability Exposure (CVE) ID: CVE-2015-0337 Common Vulnerability Exposure (CVE) ID: CVE-2015-0338 Common Vulnerability Exposure (CVE) ID: CVE-2015-0339 Common Vulnerability Exposure (CVE) ID: CVE-2015-0340 Common Vulnerability Exposure (CVE) ID: CVE-2015-0341 Common Vulnerability Exposure (CVE) ID: CVE-2015-0342 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |