Security update for Adobe Flash Player SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1744-1 Final 1 1 2015-10-13T20:02:33Z current 2015-10-13T20:02:33Z 2015-10-13T20:02:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Adobe Flash Player Adobe Flash Player was updated to 11.2.202.535 to fix a number of security issues. (boo#950169, APSB15-25) The following vulnerabilities were fixed: * CVE-2015-7628: Vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure * CVE-2015-5569: Defense-in-depth feature in the Flash broker API * CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644: Use-after-free vulnerabilities that could lead to code execution * CVE-2015-7632: Buffer overflow vulnerability that could lead to code execution * CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634: Memory corruption vulnerabilities that could lead to code execution The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html E-Mail link for openSUSE-SU-2015:1744-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 NonFree flash-player-11.2.202.535-2.73.2 flash-player-gnome-11.2.202.535-2.73.2 flash-player-kde4-11.2.202.535-2.73.2 flash-player-11.2.202.535-2.73.2 as a component of openSUSE 13.2 NonFree flash-player-gnome-11.2.202.535-2.73.2 as a component of openSUSE 13.2 NonFree flash-player-kde4-11.2.202.535-2.73.2 as a component of openSUSE 13.2 NonFree Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 improperly implement the Flash broker API, which has unspecified impact and attack vectors. CVE-2015-5569 openSUSE 13.2 NonFree:flash-player-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.535-2.73.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html https://www.suse.com/security/cve/CVE-2015-5569.html CVE-2015-5569 https://bugzilla.suse.com/950169 SUSE Bug 950169 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634. CVE-2015-7625 openSUSE 13.2 NonFree:flash-player-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.535-2.73.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html https://www.suse.com/security/cve/CVE-2015-7625.html CVE-2015-7625 https://bugzilla.suse.com/950169 SUSE Bug 950169 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634. CVE-2015-7626 openSUSE 13.2 NonFree:flash-player-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.535-2.73.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html https://www.suse.com/security/cve/CVE-2015-7626.html CVE-2015-7626 https://bugzilla.suse.com/950169 SUSE Bug 950169 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634. CVE-2015-7627 openSUSE 13.2 NonFree:flash-player-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.535-2.73.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html https://www.suse.com/security/cve/CVE-2015-7627.html CVE-2015-7627 https://bugzilla.suse.com/950169 SUSE Bug 950169 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. CVE-2015-7628 openSUSE 13.2 NonFree:flash-player-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.535-2.73.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html https://www.suse.com/security/cve/CVE-2015-7628.html CVE-2015-7628 https://bugzilla.suse.com/950169 SUSE Bug 950169 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a TextFormat object with a crafted tabStops property, a different vulnerability than CVE-2015-7631, CVE-2015-7643, and CVE-2015-7644. CVE-2015-7629 openSUSE 13.2 NonFree:flash-player-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.535-2.73.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html https://www.suse.com/security/cve/CVE-2015-7629.html CVE-2015-7629 https://bugzilla.suse.com/950169 SUSE Bug 950169 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7633, and CVE-2015-7634. CVE-2015-7630 openSUSE 13.2 NonFree:flash-player-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.535-2.73.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html https://www.suse.com/security/cve/CVE-2015-7630.html CVE-2015-7630 https://bugzilla.suse.com/950169 SUSE Bug 950169 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a TextLine object with a crafted validity property, a different vulnerability than CVE-2015-7629, CVE-2015-7643, and CVE-2015-7644. CVE-2015-7631 openSUSE 13.2 NonFree:flash-player-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.535-2.73.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html https://www.suse.com/security/cve/CVE-2015-7631.html CVE-2015-7631 https://bugzilla.suse.com/950169 SUSE Bug 950169 Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Loader object with a crafted loaderBytes property. CVE-2015-7632 openSUSE 13.2 NonFree:flash-player-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.535-2.73.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html https://www.suse.com/security/cve/CVE-2015-7632.html CVE-2015-7632 https://bugzilla.suse.com/950169 SUSE Bug 950169 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, and CVE-2015-7634. CVE-2015-7633 openSUSE 13.2 NonFree:flash-player-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.535-2.73.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html https://www.suse.com/security/cve/CVE-2015-7633.html CVE-2015-7633 https://bugzilla.suse.com/950169 SUSE Bug 950169 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, and CVE-2015-7633. CVE-2015-7634 openSUSE 13.2 NonFree:flash-player-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.535-2.73.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html https://www.suse.com/security/cve/CVE-2015-7634.html CVE-2015-7634 https://bugzilla.suse.com/950169 SUSE Bug 950169 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Video object with a crafted deblocking property, a different vulnerability than CVE-2015-7629, CVE-2015-7631, and CVE-2015-7644. CVE-2015-7643 openSUSE 13.2 NonFree:flash-player-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.535-2.73.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html https://www.suse.com/security/cve/CVE-2015-7643.html CVE-2015-7643 https://bugzilla.suse.com/950169 SUSE Bug 950169 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, and CVE-2015-7643. CVE-2015-7644 openSUSE 13.2 NonFree:flash-player-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.535-2.73.2 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.535-2.73.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html https://www.suse.com/security/cve/CVE-2015-7644.html CVE-2015-7644 https://bugzilla.suse.com/950169 SUSE Bug 950169