SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1124-1 Rating: important References: #895856 Cross-References: CVE-2014-0547 CVE-2014-0548 CVE-2014-0549 CVE-2014-0550 CVE-2014-0551 CVE-2014-0552 CVE-2014-0553 CVE-2014-0554 CVE-2014-0555 CVE-2014-0556 CVE-2014-0557 CVE-2014-0559 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. It includes one version update. Description: Adobe Flash Player has been updated to 11.2.202.406 which fixes various security issues. These updates: * resolve a memory leakage vulnerability that could have been used to bypass memory address randomization (CVE-2014-0557). * resolve a security bypass vulnerability (CVE-2014-0554). * resolve a use-after-free vulnerability that could have lead to code execution (CVE-2014-0553). * resolve memory corruption vulnerabilities that could have lead to code execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555). * resolve a vulnerability that could have been used to bypass the same origin policy (CVE-2014-0548). * resolve a heap buffer overflow vulnerability that could have lead to code execution (CVE-2014-0556, CVE-2014-0559). More information can be found on http://helpx.adobe.com/security/products/flash-player/apsb14-21.html <http://helpx.adobe.com/security/products/flash-player/apsb14-21.html> Security Issues: * CVE-2014-0547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0547> * CVE-2014-0548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0548> * CVE-2014-0549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0549> * CVE-2014-0550 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0550> * CVE-2014-0551 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0551> * CVE-2014-0552 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0552> * CVE-2014-0553 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0553> * CVE-2014-0554 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0554> * CVE-2014-0555 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0555> * CVE-2014-0556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0556> * CVE-2014-0557 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0557> * CVE-2014-0559 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0559> Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-9704 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.406]: flash-player-11.2.202.406-0.3.1 flash-player-gnome-11.2.202.406-0.3.1 flash-player-kde4-11.2.202.406-0.3.1 References: http://support.novell.com/security/cve/CVE-2014-0547.html http://support.novell.com/security/cve/CVE-2014-0548.html http://support.novell.com/security/cve/CVE-2014-0549.html http://support.novell.com/security/cve/CVE-2014-0550.html http://support.novell.com/security/cve/CVE-2014-0551.html http://support.novell.com/security/cve/CVE-2014-0552.html http://support.novell.com/security/cve/CVE-2014-0553.html http://support.novell.com/security/cve/CVE-2014-0554.html http://support.novell.com/security/cve/CVE-2014-0555.html http://support.novell.com/security/cve/CVE-2014-0556.html http://support.novell.com/security/cve/CVE-2014-0557.html http://support.novell.com/security/cve/CVE-2014-0559.html https://bugzilla.novell.com/895856 http://download.suse.com/patch/finder/?keywords=3bb66ba5895adc6dc1e2753dafc4... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org