{ "Definition": [ { "ID": "oval:org.altlinux.errata:def:20162266", "Version": "oval:org.altlinux.errata:def:20162266", "Class": "patch", "Metadata": { "Title": "ALT-PU-2016-2266: package `adobe-flash-player-ppapi` update to version 23-alt7", "AffectedList": [ { "Family": "unix", "Platforms": [ "ALT Linux branch c10f1" ], "Products": [ "ALT SP Workstation", "ALT SP Server" ] } ], "References": [ { "RefID": "ALT-PU-2016-2266", "RefURL": "https://errata.altlinux.org/ALT-PU-2016-2266", "Source": "ALTPU" }, { "RefID": "CVE-2016-7857", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7857", "Source": "CVE" }, { "RefID": "CVE-2016-7858", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7858", "Source": "CVE" }, { "RefID": "CVE-2016-7859", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7859", "Source": "CVE" }, { "RefID": "CVE-2016-7860", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7860", "Source": "CVE" }, { "RefID": "CVE-2016-7861", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7861", "Source": "CVE" }, { "RefID": "CVE-2016-7862", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7862", "Source": "CVE" }, { "RefID": "CVE-2016-7863", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7863", "Source": "CVE" }, { "RefID": "CVE-2016-7864", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7864", "Source": "CVE" }, { "RefID": "CVE-2016-7865", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7865", "Source": "CVE" } ], "Description": "This update upgrades adobe-flash-player-ppapi to version 23-alt7. \nSecurity Fix(es):\n\n * CVE-2016-7857: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2016-7858: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2016-7859: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2016-7860: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2016-7861: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2016-7862: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2016-7863: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2016-7864: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2016-7865: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.", "Advisory": { "From": "errata.altlinux.org", "Severity": "High", "Rights": "Copyright 2024 BaseALT Ltd.", "Issued": { "Date": "2016-11-09" }, "Updated": { "Date": "2016-11-09" }, "BDUs": null, "CVEs": [ { "ID": "CVE-2016-7857", "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7857", "Impact": "High", "Public": "20161108" }, { "ID": "CVE-2016-7858", "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7858", "Impact": "High", "Public": "20161108" }, { "ID": "CVE-2016-7859", "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7859", "Impact": "High", "Public": "20161108" }, { "ID": "CVE-2016-7860", "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-704", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7860", "Impact": "High", "Public": "20161108" }, { "ID": "CVE-2016-7861", "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-704", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7861", "Impact": "High", "Public": "20161108" }, { "ID": "CVE-2016-7862", "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7862", "Impact": "High", "Public": "20161108" }, { "ID": "CVE-2016-7863", "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7863", "Impact": "High", "Public": "20161108" }, { "ID": "CVE-2016-7864", "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7864", "Impact": "High", "Public": "20161108" }, { "ID": "CVE-2016-7865", "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-704", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7865", "Impact": "High", "Public": "20161108" } ], "AffectedCPEs": { "CPEs": [ "cpe:/o:alt:spworkstation:10", "cpe:/o:alt:spserver:10" ] } } }, "Criteria": { "Operator": "AND", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:4001", "Comment": "ALT Linux must be installed" } ], "Criterias": [ { "Operator": "OR", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:20162266001", "Comment": "i586-ppapi-plugin-adobe-flash is earlier than 3:23.0.0.207-alt7" }, { "TestRef": "oval:org.altlinux.errata:tst:20162266002", "Comment": "ppapi-plugin-adobe-flash is earlier than 3:23.0.0.207-alt7" } ] } ] } } ] }