Security update for flash-player SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:1614-1 Final 1 1 2015-09-22T15:14:04Z current 2015-09-22T15:14:04Z 2015-09-22T15:14:04Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for flash-player Adobe Flash Player was updated to 11.2.202.521 (APSB15-23 bsc#946880) fixing several security issues: More information can be found on: https://helpx.adobe.com/security/products/flash-player/apsb15-23.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sledsp3-flash-player-12101,sledsp4-flash-player-12101 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ Link for SUSE-SU-2015:1614-1 https://lists.suse.com/pipermail/sle-security-updates/2015-September/001600.html E-Mail link for SUSE-SU-2015:1614-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/946880 SUSE Bug 946880 https://www.suse.com/security/cve/CVE-2015-5567/ SUSE CVE CVE-2015-5567 page https://www.suse.com/security/cve/CVE-2015-5568/ SUSE CVE CVE-2015-5568 page https://www.suse.com/security/cve/CVE-2015-5570/ SUSE CVE CVE-2015-5570 page https://www.suse.com/security/cve/CVE-2015-5571/ SUSE CVE CVE-2015-5571 page https://www.suse.com/security/cve/CVE-2015-5572/ SUSE CVE CVE-2015-5572 page https://www.suse.com/security/cve/CVE-2015-5573/ SUSE CVE CVE-2015-5573 page https://www.suse.com/security/cve/CVE-2015-5574/ SUSE CVE CVE-2015-5574 page https://www.suse.com/security/cve/CVE-2015-5575/ SUSE CVE CVE-2015-5575 page https://www.suse.com/security/cve/CVE-2015-5576/ SUSE CVE CVE-2015-5576 page https://www.suse.com/security/cve/CVE-2015-5577/ SUSE CVE CVE-2015-5577 page https://www.suse.com/security/cve/CVE-2015-5578/ SUSE CVE CVE-2015-5578 page https://www.suse.com/security/cve/CVE-2015-5579/ SUSE CVE CVE-2015-5579 page https://www.suse.com/security/cve/CVE-2015-5580/ SUSE CVE CVE-2015-5580 page https://www.suse.com/security/cve/CVE-2015-5581/ SUSE CVE CVE-2015-5581 page https://www.suse.com/security/cve/CVE-2015-5582/ SUSE CVE CVE-2015-5582 page https://www.suse.com/security/cve/CVE-2015-5584/ SUSE CVE CVE-2015-5584 page https://www.suse.com/security/cve/CVE-2015-5587/ SUSE CVE CVE-2015-5587 page https://www.suse.com/security/cve/CVE-2015-5588/ SUSE CVE CVE-2015-5588 page https://www.suse.com/security/cve/CVE-2015-6676/ SUSE CVE CVE-2015-6676 page https://www.suse.com/security/cve/CVE-2015-6677/ SUSE CVE CVE-2015-6677 page https://www.suse.com/security/cve/CVE-2015-6678/ SUSE CVE CVE-2015-6678 page https://www.suse.com/security/cve/CVE-2015-6679/ SUSE CVE CVE-2015-6679 page https://www.suse.com/security/cve/CVE-2015-6682/ SUSE CVE CVE-2015-6682 page SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 flash-player-11.2.202.521-0.17.1 flash-player-gnome-11.2.202.521-0.17.1 flash-player-kde4-11.2.202.521-0.17.1 flash-player-11.2.202.521-0.17.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 flash-player-gnome-11.2.202.521-0.17.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 flash-player-kde4-11.2.202.521-0.17.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 flash-player-11.2.202.521-0.17.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 flash-player-gnome-11.2.202.521-0.17.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 flash-player-kde4-11.2.202.521-0.17.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5579. CVE-2015-5567 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5567.html CVE-2015-5567 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors. CVE-2015-5568 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5568.html CVE-2015-5568 https://bugzilla.suse.com/946880 SUSE Bug 946880 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682. CVE-2015-5570 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5570.html CVE-2015-5570 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671 and CVE-2014-5333. CVE-2015-5571 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5571.html CVE-2015-5571 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. CVE-2015-5572 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5572.html CVE-2015-5572 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." CVE-2015-5573 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5573.html CVE-2015-5573 https://bugzilla.suse.com/946880 SUSE Bug 946880 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682. CVE-2015-5574 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5574.html CVE-2015-5574 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677. CVE-2015-5575 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5575.html CVE-2015-5575 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. CVE-2015-5576 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5576.html CVE-2015-5576 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677. CVE-2015-5577 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5577.html CVE-2015-5577 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677. CVE-2015-5578 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5578.html CVE-2015-5578 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5567. CVE-2015-5579 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5579.html CVE-2015-5579 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677. CVE-2015-5580 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5580.html CVE-2015-5580 https://bugzilla.suse.com/946880 SUSE Bug 946880 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5584, and CVE-2015-6682. CVE-2015-5581 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5581.html CVE-2015-5581 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5588, and CVE-2015-6677. CVE-2015-5582 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5582.html CVE-2015-5582 https://bugzilla.suse.com/946880 SUSE Bug 946880 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-6682. CVE-2015-5584 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5584.html CVE-2015-5584 https://bugzilla.suse.com/946880 SUSE Bug 946880 Stack-based buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors. CVE-2015-5587 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5587.html CVE-2015-5587 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-6677. CVE-2015-5588 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-5588.html CVE-2015-5588 https://bugzilla.suse.com/946880 SUSE Bug 946880 Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6678. CVE-2015-6676 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-6676.html CVE-2015-6676 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-5588. CVE-2015-6677 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-6677.html CVE-2015-6677 https://bugzilla.suse.com/946880 SUSE Bug 946880 Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6676. CVE-2015-6678 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-6678.html CVE-2015-6678 https://bugzilla.suse.com/946880 SUSE Bug 946880 Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. CVE-2015-6679 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-6679.html CVE-2015-6679 https://bugzilla.suse.com/946880 SUSE Bug 946880 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-5584. CVE-2015-6682 SUSE Linux Enterprise Desktop 11 SP3:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP3:flash-player-kde4-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-gnome-11.2.202.521-0.17.1 SUSE Linux Enterprise Desktop 11 SP4:flash-player-kde4-11.2.202.521-0.17.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151614-1/ https://www.suse.com/security/cve/CVE-2015-6682.html CVE-2015-6682 https://bugzilla.suse.com/946880 SUSE Bug 946880