[security-announce] openSUSE-SU-2015:0725-1: important: Security update for Adobe Flash Player

news · April 16, 2015

openSUSE Security Update: Security update for Adobe Flash Player

______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:0725-1

Rating: important

References: #856386 #901334 #905032 #907257 #909219 #913057

#914333 #914463 #922033 #927089

Cross-References: CVE-2014-0558 CVE-2014-0564 CVE-2014-0569

CVE-2014-0573 CVE-2014-0574 CVE-2014-0576

CVE-2014-0577 CVE-2014-0581 CVE-2014-0582

CVE-2014-0583 CVE-2014-0584 CVE-2014-0585

CVE-2014-0586 CVE-2014-0588 CVE-2014-0589

CVE-2014-0590 CVE-2014-8437 CVE-2014-8438

CVE-2014-8440 CVE-2014-8441 CVE-2014-8442

CVE-2015-0331 CVE-2015-0332 CVE-2015-0346

CVE-2015-0347 CVE-2015-0348 CVE-2015-0349

CVE-2015-0350 CVE-2015-0351 CVE-2015-0352

CVE-2015-0353 CVE-2015-0354 CVE-2015-0355

CVE-2015-0356 CVE-2015-0357 CVE-2015-0358

CVE-2015-0359 CVE-2015-0360 CVE-2015-3038

CVE-2015-3039 CVE-2015-3040 CVE-2015-3041

CVE-2015-3042 CVE-2015-3043 CVE-2015-3044

Affected Products:

openSUSE Evergreen 11.4

______________________________________________________________________________

An update that fixes 45 vulnerabilities is now available.

Description:

Adobe Flash Player was updated to 11.2.202.457 to fix several security

issues that could lead to remote code execution.

An exploit for CVE-2015-3043 was reported to exist in the wild.

The following vulnerabilities were fixed:

* Memory corruption vulnerabilities that could lead to code execution

(CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,

CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,

CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).

* Type confusion vulnerability that could lead to code execution

(CVE-2015-0356).

* Buffer overflow vulnerability that could lead to code execution

(CVE-2015-0348).

* Use-after-free vulnerabilities that could lead to code execution

(CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).

* Double-free vulnerabilities that could lead to code execution

(CVE-2015-0346, CVE-2015-0359).

* Memory leak vulnerabilities that could be used to bypass ASLR

(CVE-2015-0357, CVE-2015-3040).

* Security bypass vulnerability that could lead to information disclosure

(CVE-2015-3044)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Evergreen 11.4:

zypper in -t patch 2015-13=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Evergreen 11.4 (i586 x86_64):

flash-player-11.2.202.457-158.1

flash-player-gnome-11.2.202.457-158.1

flash-player-kde4-11.2.202.457-158.1

References:

https://www.suse.com/security/cve/CVE-2014-0558.html

https://www.suse.com/security/cve/CVE-2014-0564.html

https://www.suse.com/security/cve/CVE-2014-0569.html

https://www.suse.com/security/cve/CVE-2014-0573.html

https://www.suse.com/security/cve/CVE-2014-0574.html

https://www.suse.com/security/cve/CVE-2014-0576.html

https://www.suse.com/security/cve/CVE-2014-0577.html

https://www.suse.com/security/cve/CVE-2014-0581.html

https://www.suse.com/security/cve/CVE-2014-0582.html

https://www.suse.com/security/cve/CVE-2014-0583.html

https://www.suse.com/security/cve/CVE-2014-0584.html

https://www.suse.com/security/cve/CVE-2014-0585.html

https://www.suse.com/security/cve/CVE-2014-0586.html

https://www.suse.com/security/cve/CVE-2014-0588.html

https://www.suse.com/security/cve/CVE-2014-0589.html

https://www.suse.com/security/cve/CVE-2014-0590.html

https://www.suse.com/security/cve/CVE-2014-8437.html

https://www.suse.com/security/cve/CVE-2014-8438.html

https://www.suse.com/security/cve/CVE-2014-8440.html

https://www.suse.com/security/cve/CVE-2014-8441.html

https://www.suse.com/security/cve/CVE-2014-8442.html

https://www.suse.com/security/cve/CVE-2015-0331.html

https://www.suse.com/security/cve/CVE-2015-0332.html

https://www.suse.com/security/cve/CVE-2015-0346.html

https://www.suse.com/security/cve/CVE-2015-0347.html

https://www.suse.com/security/cve/CVE-2015-0348.html

https://www.suse.com/security/cve/CVE-2015-0349.html

https://www.suse.com/security/cve/CVE-2015-0350.html

https://www.suse.com/security/cve/CVE-2015-0351.html

https://www.suse.com/security/cve/CVE-2015-0352.html

https://www.suse.com/security/cve/CVE-2015-0353.html

https://www.suse.com/security/cve/CVE-2015-0354.html

https://www.suse.com/security/cve/CVE-2015-0355.html

https://www.suse.com/security/cve/CVE-2015-0356.html

https://www.suse.com/security/cve/CVE-2015-0357.html

https://www.suse.com/security/cve/CVE-2015-0358.html

https://www.suse.com/security/cve/CVE-2015-0359.html

https://www.suse.com/security/cve/CVE-2015-0360.html

https://www.suse.com/security/cve/CVE-2015-3038.html

https://www.suse.com/security/cve/CVE-2015-3039.html

https://www.suse.com/security/cve/CVE-2015-3040.html

https://www.suse.com/security/cve/CVE-2015-3041.html

https://www.suse.com/security/cve/CVE-2015-3042.html

https://www.suse.com/security/cve/CVE-2015-3043.html

https://www.suse.com/security/cve/CVE-2015-3044.html

https://bugzilla.suse.com/856386

https://bugzilla.suse.com/901334

https://bugzilla.suse.com/905032

https://bugzilla.suse.com/907257

https://bugzilla.suse.com/909219

https://bugzilla.suse.com/913057

https://bugzilla.suse.com/914333

https://bugzilla.suse.com/914463

https://bugzilla.suse.com/922033

https://bugzilla.suse.com/927089

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

Sign In

[security-announce] openSUSE-SU-2015:0725-1: important: Security update for Adobe Flash Player

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity