security update for flash-player SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1267-1 Final 1 1 2015-07-18T13:26:21Z current 2015-07-18T13:26:21Z 2015-07-18T13:26:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z security update for flash-player flash-player was updated to fix two security issues. These security issues were fixed: - CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function (bsc#937752). - CVE-2015-5122: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property (bsc#937752). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html E-Mail link for openSUSE-SU-2015:1267-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Evergreen 11.4 flash-player-11.2.202.491-173.1 flash-player-gnome-11.2.202.491-173.1 flash-player-kde4-11.2.202.491-173.1 flash-player-11.2.202.491-173.1 as a component of openSUSE Evergreen 11.4 flash-player-gnome-11.2.202.491-173.1 as a component of openSUSE Evergreen 11.4 flash-player-kde4-11.2.202.491-173.1 as a component of openSUSE Evergreen 11.4 Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. CVE-2015-5122 openSUSE Evergreen 11.4:flash-player-11.2.202.491-173.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.491-173.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.491-173.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html https://www.suse.com/security/cve/CVE-2015-5122.html CVE-2015-5122 https://bugzilla.suse.com/937752 SUSE Bug 937752 Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. CVE-2015-5123 openSUSE Evergreen 11.4:flash-player-11.2.202.491-173.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.491-173.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.491-173.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html https://www.suse.com/security/cve/CVE-2015-5123.html CVE-2015-5123 https://bugzilla.suse.com/937752 SUSE Bug 937752