SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0493-1 Rating: critical References: #922033 Cross-References: CVE-2015-0332 CVE-2015-0333 CVE-2015-0334 CVE-2015-0335 CVE-2015-0336 CVE-2015-0337 CVE-2015-0338 CVE-2015-0339 CVE-2015-0340 CVE-2015-0341 CVE-2015-0342 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. It includes one version update. Description: flash-player has been updated to fix eleven security vulnerabilities: * Memory corruption vulnerabilities that could have lead to code execution (CVE-2016-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339). * Type confusion vulnerabilities that could have lead to code execution (CVE-2015-0334, CVE-2015-0336). * A vulnerability that could have lead to a cross-domain policy bypass (CVE-2015-0337). * A vulnerability that could have lead to a file upload restriction bypass (CVE-2015-0340). * An integer overflow vulnerability that could have lead to code execution (CVE-2015-0338). * Use-after-free vulnerabilities that could have lead to code execution (CVE-2015-0341, CVE-2015-0342). Security Issues: * CVE-2015-0332 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0332> * CVE-2015-0333 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0333> * CVE-2015-0334 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0334> * CVE-2015-0335 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0335> * CVE-2015-0336 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0336> * CVE-2015-0337 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0337> * CVE-2015-0338 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0338> * CVE-2015-0339 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0339> * CVE-2015-0340 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0340> * CVE-2015-0341 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0341> * CVE-2015-0342 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0342> Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player=10458 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.451]: flash-player-11.2.202.451-0.3.1 flash-player-gnome-11.2.202.451-0.3.1 flash-player-kde4-11.2.202.451-0.3.1 References: http://support.novell.com/security/cve/CVE-2015-0332.html http://support.novell.com/security/cve/CVE-2015-0333.html http://support.novell.com/security/cve/CVE-2015-0334.html http://support.novell.com/security/cve/CVE-2015-0335.html http://support.novell.com/security/cve/CVE-2015-0336.html http://support.novell.com/security/cve/CVE-2015-0337.html http://support.novell.com/security/cve/CVE-2015-0338.html http://support.novell.com/security/cve/CVE-2015-0339.html http://support.novell.com/security/cve/CVE-2015-0340.html http://support.novell.com/security/cve/CVE-2015-0341.html http://support.novell.com/security/cve/CVE-2015-0342.html https://bugzilla.suse.com/922033 http://download.suse.com/patch/finder/?keywords=fbb467a958f816fafdae5a6e214f... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org