RedHat: RHSA-2020-0513:01 Critical: flash-plugin security update

    Date16 Feb 2020
    384
    Posted ByLinuxSecurity Advisories
    An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Critical: flash-plugin security update
    Advisory ID:       RHSA-2020:0513-01
    Product:           Red Hat Enterprise Linux Supplementary
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0513
    Issue date:        2020-02-17
    CVE Names:         CVE-2020-3757 
    =====================================================================
    
    1. Summary:
    
    An update for flash-plugin is now available for Red Hat Enterprise Linux 6
    Supplementary.
    
    Red Hat Product Security has rated this update as having a security impact
    of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
    Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
    Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
    
    3. Description:
    
    The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
    Player web browser plug-in.
    
    This update upgrades Flash Player to version 32.0.0.330.
    
    Security Fix(es):
    
    * flash-plugin: Arbitrary Code Execution vulnerability (APSB20-06)
    (CVE-2020-3757)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1801792 - CVE-2020-3757 flash-plugin: Arbitrary Code Execution vulnerability (APSB20-06)
    
    6. Package List:
    
    Red Hat Enterprise Linux Desktop Supplementary (v. 6):
    
    i386:
    flash-plugin-32.0.0.330-1.el6_10.i686.rpm
    
    x86_64:
    flash-plugin-32.0.0.330-1.el6_10.i686.rpm
    
    Red Hat Enterprise Linux Server Supplementary (v. 6):
    
    i386:
    flash-plugin-32.0.0.330-1.el6_10.i686.rpm
    
    x86_64:
    flash-plugin-32.0.0.330-1.el6_10.i686.rpm
    
    Red Hat Enterprise Linux Workstation Supplementary (v. 6):
    
    i386:
    flash-plugin-32.0.0.330-1.el6_10.i686.rpm
    
    x86_64:
    flash-plugin-32.0.0.330-1.el6_10.i686.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2020-3757
    https://access.redhat.com/security/updates/classification/#critical
    https://helpx.adobe.com/security/products/flash-player/apsb20-06.html
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXkpNatzjgjWX9erEAQiFJhAAkVAMoiCbvCwWqGRy6OPXCEuRb8mLt3Hq
    8aJWOfGMNPbRGRsZuLwkh/sGjvs+hdKV45L0N41RAyaxUH4Ia4XyGTdVDMYnatoq
    4cJP9TSTlwNJUb3tNHsU0RZ9NRonGJ/O+iHzcPpxrqBJFGbDFPk5Rbm70x5Zmo74
    KzkW1qZrzgTu2Bj2y6Qw1GSsgJhUPl4VuHjDTAinkCyGHuuQnXHwWz0PEAwSn1GD
    xp7n0r6gzVZdQOoxyOkjpWYP4tiqclKwSI7nhOUWwd1+GSrq8KacFtqpIu6ze5MX
    24AYHiULFBfwV5YYQ9vTOSYXALaUGQnJfP6/xrz3qYeqjjLfZPYNjO+PV7aVV703
    jaUy+CAVfjzXKk3d4oCo4UlAnGPZmr1Jlq9N58ziKPKVe0mshjK7rV2iMNlK5rcy
    aGcAJ6MBbXbSOZ+stNy4T365XfCHti14rywOI2HuamnEqe1yyPBpz7hutBI7/fPp
    nEU491TgET0icB8yQGQH0oVP8CNl5SStAZNke/4OvYwB9NAOdGKFgA3BQw9jhrpV
    SDGy3FdpxtOPFc87n7lR8y5Q55xJUhaEXKauMbSGvA3+Amr/qbt9d6G5VTGece1o
    8guxmpQC5P6HwkYCo+8zSK4FjvfoqEN3nXzJ5Wxkv9EzDqnJ9Z5hBsjN2ip06OMz
    zp4s7W2jeoc=
    =J8Ca
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"53","type":"x","order":"1","pct":86.89,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"6","type":"x","order":"2","pct":9.84,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"2","type":"x","order":"3","pct":3.28,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.