Security update for flash-player SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0890-1 Final 1 1 2015-05-15T11:47:07Z current 2015-05-15T11:47:07Z 2015-05-15T11:47:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for flash-player The Adobe flash-player package was updated to version 11.2.202.460 to fix several security issues. The following vulnerabilities were fixed (bsc#930677): * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093 More information can be found at the Adobe Security Bulletin APSB15-09: https://helpx.adobe.com/security/products/flash-player/apsb15-09.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html E-Mail link for openSUSE-SU-2015:0890-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Evergreen 11.4 flash-player-11.2.202.460-161.1 flash-player-gnome-11.2.202.460-161.1 flash-player-kde4-11.2.202.460-161.1 flash-player-11.2.202.460-161.1 as a component of openSUSE Evergreen 11.4 flash-player-gnome-11.2.202.460-161.1 as a component of openSUSE Evergreen 11.4 flash-player-kde4-11.2.202.460-161.1 as a component of openSUSE Evergreen 11.4 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. CVE-2015-3044 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important 4.3 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3044.html CVE-2015-3044 https://bugzilla.suse.com/927089 SUSE Bug 927089 https://bugzilla.suse.com/930677 SUSE Bug 930677 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3084 and CVE-2015-3086. CVE-2015-3077 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3077.html CVE-2015-3077 https://bugzilla.suse.com/930677 SUSE Bug 930677 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3089, CVE-2015-3090, and CVE-2015-3093. CVE-2015-3078 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3078.html CVE-2015-3078 https://bugzilla.suse.com/930677 SUSE Bug 930677 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. CVE-2015-3079 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3079.html CVE-2015-3079 https://bugzilla.suse.com/930677 SUSE Bug 930677 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors. CVE-2015-3080 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3080.html CVE-2015-3080 https://bugzilla.suse.com/930677 SUSE Bug 930677 Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to bypass the Internet Explorer Protected Mode protection mechanism via unspecified vectors. CVE-2015-3081 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3081.html CVE-2015-3081 https://bugzilla.suse.com/930677 SUSE Bug 930677 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3083 and CVE-2015-3085. CVE-2015-3082 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3082.html CVE-2015-3082 https://bugzilla.suse.com/930677 SUSE Bug 930677 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3085. CVE-2015-3083 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3083.html CVE-2015-3083 https://bugzilla.suse.com/930677 SUSE Bug 930677 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3077 and CVE-2015-3086. CVE-2015-3084 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3084.html CVE-2015-3084 https://bugzilla.suse.com/930677 SUSE Bug 930677 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3083. CVE-2015-3085 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3085.html CVE-2015-3085 https://bugzilla.suse.com/930677 SUSE Bug 930677 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3077 and CVE-2015-3084. CVE-2015-3086 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3086.html CVE-2015-3086 https://bugzilla.suse.com/930677 SUSE Bug 930677 Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors. CVE-2015-3087 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3087.html CVE-2015-3087 https://bugzilla.suse.com/930677 SUSE Bug 930677 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors. CVE-2015-3088 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3088.html CVE-2015-3088 https://bugzilla.suse.com/930677 SUSE Bug 930677 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3090, and CVE-2015-3093. CVE-2015-3089 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3089.html CVE-2015-3089 https://bugzilla.suse.com/930677 SUSE Bug 930677 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3093. CVE-2015-3090 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3090.html CVE-2015-3090 https://bugzilla.suse.com/930677 SUSE Bug 930677 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3092. CVE-2015-3091 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3091.html CVE-2015-3091 https://bugzilla.suse.com/930677 SUSE Bug 930677 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3091. CVE-2015-3092 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3092.html CVE-2015-3092 https://bugzilla.suse.com/930677 SUSE Bug 930677 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3090. CVE-2015-3093 openSUSE Evergreen 11.4:flash-player-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.460-161.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.460-161.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html https://www.suse.com/security/cve/CVE-2015-3093.html CVE-2015-3093 https://bugzilla.suse.com/930677 SUSE Bug 930677