Oval Definition:	oval:com.redhat.rhsa:def:20111333
Revision Date: 2011-09-22 Version: 502 Title: RHSA-2011:1333: flash-plugin security update (Critical) Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-26, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in flash-plugin could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2444) This update also fixes an information disclosure flaw in flash-plugin. (CVE-2011-2429) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.10. Family: unix Class: patch Status: Reference(s): CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2444 RHSA-2011:1333-01 Platform(s): Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Product(s): Definition Synopsis Release Information Red Hat Enterprise Linux 5 is installed AND flash-plugin is earlier than 0:10.3.183.10-1.el5 AND flash-plugin is signed with Red Hat redhatrelease key OR Package Information flash-plugin is earlier than 0:10.3.183.10-1.el6 AND flash-plugin is signed with Red Hat redhatrelease2 key AND Red Hat Enterprise Linux 6 Client is installed OR Red Hat Enterprise Linux 6 Server is installed OR Red Hat Enterprise Linux 6 Workstation is installed OR Red Hat Enterprise Linux 6 ComputeNode is installed
BACK