Security update for flash-player SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1984-1 Final 1 1 2015-11-11T11:33:07Z current 2015-11-11T11:33:07Z 2015-11-11T11:33:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for flash-player The flash-player package was updated to fix the following security issues: - Security update to 11.2.202.548 (bsc#954512): * APSB15-28, CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html E-Mail link for openSUSE-SU-2015:1984-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 NonFree flash-player-11.2.202.548-2.79.1 flash-player-gnome-11.2.202.548-2.79.1 flash-player-kde4-11.2.202.548-2.79.1 flash-player-11.2.202.548-2.79.1 as a component of openSUSE 13.2 NonFree flash-player-gnome-11.2.202.548-2.79.1 as a component of openSUSE 13.2 NonFree flash-player-kde4-11.2.202.548-2.79.1 as a component of openSUSE 13.2 NonFree Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted DefineFunction atoms, a different vulnerability than CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. CVE-2015-7651 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-7651.html CVE-2015-7651 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted gridFitType property value, a different vulnerability than CVE-2015-7651, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. CVE-2015-7652 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-7652.html CVE-2015-7652 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted globalToLocal arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. CVE-2015-7653 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-7653.html CVE-2015-7653 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted attachSound arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. CVE-2015-7654 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-7654.html CVE-2015-7654 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionExtends arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. CVE-2015-7655 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-7655.html CVE-2015-7655 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionImplementsOp arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. CVE-2015-7656 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-7656.html CVE-2015-7656 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionCallMethod arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. CVE-2015-7657 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-7657.html CVE-2015-7657 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionInstanceOf arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. CVE-2015-7658 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-7658.html CVE-2015-7658 https://bugzilla.suse.com/954512 SUSE Bug 954512 Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion" in the NetConnection object implementation. CVE-2015-7659 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-7659.html CVE-2015-7659 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted setMask arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. CVE-2015-7660 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-7660.html CVE-2015-7660 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted getBounds call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. CVE-2015-7661 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-7661.html CVE-2015-7661 https://bugzilla.suse.com/954512 SUSE Bug 954512 Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write to files via unspecified vectors. CVE-2015-7662 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-7662.html CVE-2015-7662 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. CVE-2015-7663 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-7663.html CVE-2015-7663 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted loadSound call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. CVE-2015-8042 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-8042.html CVE-2015-8042 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8044, and CVE-2015-8046. CVE-2015-8043 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-8043.html CVE-2015-8043 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, and CVE-2015-8046. CVE-2015-8044 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-8044.html CVE-2015-8044 https://bugzilla.suse.com/954512 SUSE Bug 954512 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, and CVE-2015-8044. CVE-2015-8046 openSUSE 13.2 NonFree:flash-player-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.548-2.79.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.548-2.79.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html https://www.suse.com/security/cve/CVE-2015-8046.html CVE-2015-8046 https://bugzilla.suse.com/954512 SUSE Bug 954512