Oval Definition:oval:com.ubuntu.precise:def:20155571000
Revision Date:2015-09-22Version:1
Title:CVE-2015-5571 on Ubuntu 12.04 LTS (precise) - medium.
Description:Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671 and CVE-2014-5333.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2015-5571
Platform(s):Ubuntu 12.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 12.04 LTS (precise) is installed.
  • AND Package Information
  • The 'adobe-flashplugin' package in precise was vulnerable but has been fixed (note: '1:20150921.1-0precise1').
  • OR The 'flashplugin-nonfree' package in precise was vulnerable but has been fixed (note: '11.2.202.521ubuntu0.12.04.1').
    • BACK