Mailinglist Archive: opensuse-security-announce (21 mails)

< Previous Next >
[security-announce] openSUSE-SU-2015:0725-1: important: Security update for Adobe Flash Player
openSUSE Security Update: Security update for Adobe Flash Player
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:0725-1
Rating: important
References: #856386 #901334 #905032 #907257 #909219 #913057
#914333 #914463 #922033 #927089
Cross-References: CVE-2014-0558 CVE-2014-0564 CVE-2014-0569
CVE-2014-0573 CVE-2014-0574 CVE-2014-0576
CVE-2014-0577 CVE-2014-0581 CVE-2014-0582
CVE-2014-0583 CVE-2014-0584 CVE-2014-0585
CVE-2014-0586 CVE-2014-0588 CVE-2014-0589
CVE-2014-0590 CVE-2014-8437 CVE-2014-8438
CVE-2014-8440 CVE-2014-8441 CVE-2014-8442
CVE-2015-0331 CVE-2015-0332 CVE-2015-0346
CVE-2015-0347 CVE-2015-0348 CVE-2015-0349
CVE-2015-0350 CVE-2015-0351 CVE-2015-0352
CVE-2015-0353 CVE-2015-0354 CVE-2015-0355
CVE-2015-0356 CVE-2015-0357 CVE-2015-0358
CVE-2015-0359 CVE-2015-0360 CVE-2015-3038
CVE-2015-3039 CVE-2015-3040 CVE-2015-3041
CVE-2015-3042 CVE-2015-3043 CVE-2015-3044

Affected Products:
openSUSE Evergreen 11.4
______________________________________________________________________________

An update that fixes 45 vulnerabilities is now available.

Description:

Adobe Flash Player was updated to 11.2.202.457 to fix several security
issues that could lead to remote code execution.

An exploit for CVE-2015-3043 was reported to exist in the wild.

The following vulnerabilities were fixed:

* Memory corruption vulnerabilities that could lead to code execution
(CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,
CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,
CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).
* Type confusion vulnerability that could lead to code execution
(CVE-2015-0356).
* Buffer overflow vulnerability that could lead to code execution
(CVE-2015-0348).
* Use-after-free vulnerabilities that could lead to code execution
(CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).
* Double-free vulnerabilities that could lead to code execution
(CVE-2015-0346, CVE-2015-0359).
* Memory leak vulnerabilities that could be used to bypass ASLR
(CVE-2015-0357, CVE-2015-3040).
* Security bypass vulnerability that could lead to information disclosure
(CVE-2015-3044)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Evergreen 11.4:

zypper in -t patch 2015-13=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Evergreen 11.4 (i586 x86_64):

flash-player-11.2.202.457-158.1
flash-player-gnome-11.2.202.457-158.1
flash-player-kde4-11.2.202.457-158.1


References:

https://www.suse.com/security/cve/CVE-2014-0558.html
https://www.suse.com/security/cve/CVE-2014-0564.html
https://www.suse.com/security/cve/CVE-2014-0569.html
https://www.suse.com/security/cve/CVE-2014-0573.html
https://www.suse.com/security/cve/CVE-2014-0574.html
https://www.suse.com/security/cve/CVE-2014-0576.html
https://www.suse.com/security/cve/CVE-2014-0577.html
https://www.suse.com/security/cve/CVE-2014-0581.html
https://www.suse.com/security/cve/CVE-2014-0582.html
https://www.suse.com/security/cve/CVE-2014-0583.html
https://www.suse.com/security/cve/CVE-2014-0584.html
https://www.suse.com/security/cve/CVE-2014-0585.html
https://www.suse.com/security/cve/CVE-2014-0586.html
https://www.suse.com/security/cve/CVE-2014-0588.html
https://www.suse.com/security/cve/CVE-2014-0589.html
https://www.suse.com/security/cve/CVE-2014-0590.html
https://www.suse.com/security/cve/CVE-2014-8437.html
https://www.suse.com/security/cve/CVE-2014-8438.html
https://www.suse.com/security/cve/CVE-2014-8440.html
https://www.suse.com/security/cve/CVE-2014-8441.html
https://www.suse.com/security/cve/CVE-2014-8442.html
https://www.suse.com/security/cve/CVE-2015-0331.html
https://www.suse.com/security/cve/CVE-2015-0332.html
https://www.suse.com/security/cve/CVE-2015-0346.html
https://www.suse.com/security/cve/CVE-2015-0347.html
https://www.suse.com/security/cve/CVE-2015-0348.html
https://www.suse.com/security/cve/CVE-2015-0349.html
https://www.suse.com/security/cve/CVE-2015-0350.html
https://www.suse.com/security/cve/CVE-2015-0351.html
https://www.suse.com/security/cve/CVE-2015-0352.html
https://www.suse.com/security/cve/CVE-2015-0353.html
https://www.suse.com/security/cve/CVE-2015-0354.html
https://www.suse.com/security/cve/CVE-2015-0355.html
https://www.suse.com/security/cve/CVE-2015-0356.html
https://www.suse.com/security/cve/CVE-2015-0357.html
https://www.suse.com/security/cve/CVE-2015-0358.html
https://www.suse.com/security/cve/CVE-2015-0359.html
https://www.suse.com/security/cve/CVE-2015-0360.html
https://www.suse.com/security/cve/CVE-2015-3038.html
https://www.suse.com/security/cve/CVE-2015-3039.html
https://www.suse.com/security/cve/CVE-2015-3040.html
https://www.suse.com/security/cve/CVE-2015-3041.html
https://www.suse.com/security/cve/CVE-2015-3042.html
https://www.suse.com/security/cve/CVE-2015-3043.html
https://www.suse.com/security/cve/CVE-2015-3044.html
https://bugzilla.suse.com/856386
https://bugzilla.suse.com/901334
https://bugzilla.suse.com/905032
https://bugzilla.suse.com/907257
https://bugzilla.suse.com/909219
https://bugzilla.suse.com/913057
https://bugzilla.suse.com/914333
https://bugzilla.suse.com/914463
https://bugzilla.suse.com/922033
https://bugzilla.suse.com/927089

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages