Security update for flash-player SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0491-1 Final 1 1 2015-03-16T09:30:35Z current 2015-03-16T09:30:35Z 2015-03-16T09:30:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for flash-player Adobe Flash Player was updated to 11.2.202.451 (bsc#922033). These security issues were fixed: - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0334, CVE-2015-0336). - A vulnerability that could lead to a cross-domain policy bypass (CVE-2015-0337). - A vulnerability that could lead to a file upload restriction bypass (CVE-2015-0340). - An integer overflow vulnerability that could lead to code execution (CVE-2015-0338). - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0341, CVE-2015-0342). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-2015-120,SUSE-SLE-WE-12-2015-120 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150491-1/ Link for SUSE-SU-2015:0491-1 https://lists.suse.com/pipermail/sle-security-updates/2015-March/001285.html E-Mail link for SUSE-SU-2015:0491-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/922033 SUSE Bug 922033 https://www.suse.com/security/cve/CVE-2015-0332/ SUSE CVE CVE-2015-0332 page https://www.suse.com/security/cve/CVE-2015-0333/ SUSE CVE CVE-2015-0333 page https://www.suse.com/security/cve/CVE-2015-0334/ SUSE CVE CVE-2015-0334 page https://www.suse.com/security/cve/CVE-2015-0335/ SUSE CVE CVE-2015-0335 page https://www.suse.com/security/cve/CVE-2015-0336/ SUSE CVE CVE-2015-0336 page https://www.suse.com/security/cve/CVE-2015-0337/ SUSE CVE CVE-2015-0337 page https://www.suse.com/security/cve/CVE-2015-0338/ SUSE CVE CVE-2015-0338 page https://www.suse.com/security/cve/CVE-2015-0339/ SUSE CVE CVE-2015-0339 page https://www.suse.com/security/cve/CVE-2015-0340/ SUSE CVE CVE-2015-0340 page https://www.suse.com/security/cve/CVE-2015-0341/ SUSE CVE CVE-2015-0341 page https://www.suse.com/security/cve/CVE-2015-0342/ SUSE CVE CVE-2015-0342 page SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Workstation Extension 12 flash-player-11.2.202.451-77.1 flash-player-gnome-11.2.202.451-77.1 flash-player-11.2.202.451-77.1 as a component of SUSE Linux Enterprise Desktop 12 flash-player-gnome-11.2.202.451-77.1 as a component of SUSE Linux Enterprise Desktop 12 flash-player-11.2.202.451-77.1 as a component of SUSE Linux Enterprise Workstation Extension 12 flash-player-gnome-11.2.202.451-77.1 as a component of SUSE Linux Enterprise Workstation Extension 12 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0333, CVE-2015-0335, and CVE-2015-0339. CVE-2015-0332 SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.451-77.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150491-1/ https://www.suse.com/security/cve/CVE-2015-0332.html CVE-2015-0332 https://bugzilla.suse.com/922033 SUSE Bug 922033 https://bugzilla.suse.com/922296 SUSE Bug 922296 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0335, and CVE-2015-0339. CVE-2015-0333 SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.451-77.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150491-1/ https://www.suse.com/security/cve/CVE-2015-0333.html CVE-2015-0333 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0336. CVE-2015-0334 SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.451-77.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150491-1/ https://www.suse.com/security/cve/CVE-2015-0334.html CVE-2015-0334 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0339. CVE-2015-0335 SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.451-77.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150491-1/ https://www.suse.com/security/cve/CVE-2015-0335.html CVE-2015-0335 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334. CVE-2015-0336 SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.451-77.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150491-1/ https://www.suse.com/security/cve/CVE-2015-0336.html CVE-2015-0336 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. CVE-2015-0337 SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.451-77.1 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150491-1/ https://www.suse.com/security/cve/CVE-2015-0337.html CVE-2015-0337 https://bugzilla.suse.com/922033 SUSE Bug 922033 Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors. CVE-2015-0338 SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.451-77.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150491-1/ https://www.suse.com/security/cve/CVE-2015-0338.html CVE-2015-0338 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0335. CVE-2015-0339 SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.451-77.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150491-1/ https://www.suse.com/security/cve/CVE-2015-0339.html CVE-2015-0339 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions via unspecified vectors. CVE-2015-0340 SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.451-77.1 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150491-1/ https://www.suse.com/security/cve/CVE-2015-0340.html CVE-2015-0340 https://bugzilla.suse.com/922033 SUSE Bug 922033 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0342. CVE-2015-0341 SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.451-77.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150491-1/ https://www.suse.com/security/cve/CVE-2015-0341.html CVE-2015-0341 https://bugzilla.suse.com/922033 SUSE Bug 922033 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0341. CVE-2015-0342 SUSE Linux Enterprise Desktop 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Desktop 12:flash-player-gnome-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-11.2.202.451-77.1 SUSE Linux Enterprise Workstation Extension 12:flash-player-gnome-11.2.202.451-77.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150491-1/ https://www.suse.com/security/cve/CVE-2015-0342.html CVE-2015-0342 https://bugzilla.suse.com/922033 SUSE Bug 922033