Описание
Security update for flash-player
This update for flash-player fixes the following issues:
- Security update to 24.0.0.186 (bsc#1015379) APSB16-39:
- These updates resolve use-after-free vulnerabilities that could have lead to code execution (CVE-2016-7872, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7892).
- These updates resolve buffer overflow vulnerabilities that could have lead to code execution (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870).
- These updates resolve memory corruption vulnerabilities that could have lead to code execution (CVE-2016-7871, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876).
- These updates resolve a security bypass vulnerability (CVE-2016-7890).
- Keep standalone flashplayer at version 11, no newer version exists (INSECURE!).
- Update EULA to version 24.0.
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP1
Ссылки
- Link for SUSE-SU-2016:3148-1
- E-Mail link for SUSE-SU-2016:3148-1
- SUSE Security Ratings
- SUSE Bug 1015379
- SUSE CVE CVE-2016-7867 page
- SUSE CVE CVE-2016-7868 page
- SUSE CVE CVE-2016-7869 page
- SUSE CVE CVE-2016-7870 page
- SUSE CVE CVE-2016-7871 page
- SUSE CVE CVE-2016-7872 page
- SUSE CVE CVE-2016-7873 page
- SUSE CVE CVE-2016-7874 page
- SUSE CVE CVE-2016-7875 page
- SUSE CVE CVE-2016-7876 page
- SUSE CVE CVE-2016-7877 page
- SUSE CVE CVE-2016-7878 page
- SUSE CVE CVE-2016-7879 page
- SUSE CVE CVE-2016-7880 page
- SUSE CVE CVE-2016-7881 page
- SUSE CVE CVE-2016-7890 page
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7867
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7868
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7869
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7870
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7871
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7872
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7873
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7874
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7875
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7876
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7877
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7878
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7879
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7880
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7881
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have security bypass vulnerability in the implementation of the same origin policy.
Затронутые продукты
Ссылки
- CVE-2016-7890
- SUSE Bug 1015379
Описание
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2016-7892
- SUSE Bug 1015379