Описание
Security update for flash-player
This update to Adobe Flash 24.0.0.194 fixes the following vulnerabilities advised under APSB17-02:
- security bypass vulnerability that could lead to information disclosure (CVE-2017-2938)
- use-after-free vulnerabilities that could lead to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937)
- heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935)
- memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP1
Ссылки
- Link for SUSE-SU-2017:0108-1
- E-Mail link for SUSE-SU-2017:0108-1
- SUSE Security Ratings
- SUSE Bug 1019129
- SUSE CVE CVE-2017-2925 page
- SUSE CVE CVE-2017-2926 page
- SUSE CVE CVE-2017-2927 page
- SUSE CVE CVE-2017-2928 page
- SUSE CVE CVE-2017-2930 page
- SUSE CVE CVE-2017-2931 page
- SUSE CVE CVE-2017-2932 page
- SUSE CVE CVE-2017-2933 page
- SUSE CVE CVE-2017-2934 page
- SUSE CVE CVE-2017-2935 page
- SUSE CVE CVE-2017-2936 page
- SUSE CVE CVE-2017-2937 page
- SUSE CVE CVE-2017-2938 page
Описание
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2925
- SUSE Bug 1019129
Описание
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2926
- SUSE Bug 1019129
Описание
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2927
- SUSE Bug 1019129
Описание
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2928
- SUSE Bug 1019129
Описание
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2930
- SUSE Bug 1019129
Описание
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2931
- SUSE Bug 1019129
Описание
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2932
- SUSE Bug 1019129
Описание
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2933
- SUSE Bug 1019129
Описание
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2934
- SUSE Bug 1019129
Описание
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2935
- SUSE Bug 1019129
Описание
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2936
- SUSE Bug 1019129
Описание
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2937
- SUSE Bug 1019129
Описание
Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections.
Затронутые продукты
Ссылки
- CVE-2017-2938
- SUSE Bug 1019129