SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0493-1 Rating: critical References: #922033 Cross-References: CVE-2015-0332 CVE-2015-0333 CVE-2015-0334 CVE-2015-0335 CVE-2015-0336 CVE-2015-0337 CVE-2015-0338 CVE-2015-0339 CVE-2015-0340 CVE-2015-0341 CVE-2015-0342 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. It includes one version update. Description: flash-player has been updated to fix eleven security vulnerabilities: * Memory corruption vulnerabilities that could have lead to code execution (CVE-2016-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339). * Type confusion vulnerabilities that could have lead to code execution (CVE-2015-0334, CVE-2015-0336). * A vulnerability that could have lead to a cross-domain policy bypass (CVE-2015-0337). * A vulnerability that could have lead to a file upload restriction bypass (CVE-2015-0340). * An integer overflow vulnerability that could have lead to code execution (CVE-2015-0338). * Use-after-free vulnerabilities that could have lead to code execution (CVE-2015-0341, CVE-2015-0342). Security Issues: * CVE-2015-0332 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0332 * CVE-2015-0333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0333 * CVE-2015-0334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0334 * CVE-2015-0335 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0335 * CVE-2015-0336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0336 * CVE-2015-0337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0337 * CVE-2015-0338 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0338 * CVE-2015-0339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0339 * CVE-2015-0340 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0340 * CVE-2015-0341 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0341 * CVE-2015-0342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0342 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player=10458 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.451]: flash-player-11.2.202.451-0.3.1 flash-player-gnome-11.2.202.451-0.3.1 flash-player-kde4-11.2.202.451-0.3.1 References: http://support.novell.com/security/cve/CVE-2015-0332.html http://support.novell.com/security/cve/CVE-2015-0333.html http://support.novell.com/security/cve/CVE-2015-0334.html http://support.novell.com/security/cve/CVE-2015-0335.html http://support.novell.com/security/cve/CVE-2015-0336.html http://support.novell.com/security/cve/CVE-2015-0337.html http://support.novell.com/security/cve/CVE-2015-0338.html http://support.novell.com/security/cve/CVE-2015-0339.html http://support.novell.com/security/cve/CVE-2015-0340.html http://support.novell.com/security/cve/CVE-2015-0341.html http://support.novell.com/security/cve/CVE-2015-0342.html https://bugzilla.suse.com/922033 http://download.suse.com/patch/finder/?keywords=fbb467a958f816fafdae5a6e214f... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org