SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:0296-1 Rating: critical References: #803485 Cross-References: CVE-2013-0637 CVE-2013-0638 CVE-2013-0639 CVE-2013-0642 CVE-2013-0644 CVE-2013-0645 CVE-2013-0647 CVE-2013-0649 CVE-2013-1365 CVE-2013-1366 CVE-2013-1367 CVE-2013-1368 CVE-2013-1369 CVE-2013-1370 CVE-2013-1372 CVE-2013-1373 CVE-2013-1374 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. It includes one version update. Description: This update for flash-player to version 11.2.202.270, tracked as ABSP13-05 <ttp://www.adobe.com/support/security/bulletins/apsb13-05.ht ml> , contains fixes for the following security issues: * Several buffer overflow vulnerabilities that could lead to code execution. (CVE-2013-0642 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0642
- Use-after-free vulnerabilities that could lead to code execution. ( CVE-2013-0644 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0644
- An integer overflow vulnerability that could lead to code execution. ( CVE-2013-0639 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0639
- Two memory corruption vulnerabilities that could lead to code execution. (CVE-2013-0638 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0638
- An information disclosure vulnerability. (CVE-2013-0637 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0637
)
, CVE-2013-0647 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0647 )
)
, CVE-2013-0649 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0649 , CVE-2013-1374 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1374 )
, CVE-2013-0645 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0645 , CVE-2013-1365 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1365 , CVE-2013-1366 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1366 , CVE-2013-1367 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1367 , CVE-2013-1368 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1368 , CVE-2013-1369 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1369 , CVE-2013-1370 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1370 , CVE-2013-1372 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1372 , CVE-2013-1373 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1373 )
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-7338 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.270]: flash-player-11.2.202.270-0.3.1 flash-player-gnome-11.2.202.270-0.3.1 flash-player-kde4-11.2.202.270-0.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.270]: flash-player-11.2.202.270-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-0637.html http://support.novell.com/security/cve/CVE-2013-0638.html http://support.novell.com/security/cve/CVE-2013-0639.html http://support.novell.com/security/cve/CVE-2013-0642.html http://support.novell.com/security/cve/CVE-2013-0644.html http://support.novell.com/security/cve/CVE-2013-0645.html http://support.novell.com/security/cve/CVE-2013-0647.html http://support.novell.com/security/cve/CVE-2013-0649.html http://support.novell.com/security/cve/CVE-2013-1365.html http://support.novell.com/security/cve/CVE-2013-1366.html http://support.novell.com/security/cve/CVE-2013-1367.html http://support.novell.com/security/cve/CVE-2013-1368.html http://support.novell.com/security/cve/CVE-2013-1369.html http://support.novell.com/security/cve/CVE-2013-1370.html http://support.novell.com/security/cve/CVE-2013-1372.html http://support.novell.com/security/cve/CVE-2013-1373.html http://support.novell.com/security/cve/CVE-2013-1374.html https://bugzilla.novell.com/803485 http://download.novell.com/patch/finder/?keywords=3c1e2d8109d0393f30c137f2f4... http://download.novell.com/patch/finder/?keywords=bd904e708bb0e01638db2f0e3e... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org