SUSE Security Update: flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2011:0640-1 Rating: critical References: #699942 Cross-References: CVE-2011-2110 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption vulnerability (CVE-2011-2110) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious Web pages. Security Issue references: * CVE-2011-2110 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2110

Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-flash-player-4715 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 10.3.181.26]: flash-player-10.3.181.26-0.2.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 10.3.181.26]: flash-player-10.3.181.26-0.5.1 References: http://support.novell.com/security/cve/CVE-2011-2110.html https://bugzilla.novell.com/699942 http://download.novell.com/patch/finder/?keywords=3346ccf604c46cb248821ffe1c... http://download.novell.com/patch/finder/?keywords=c08bf73825177b7fc078941d64... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org