Описание
Security update for flash-player
This update for flash-player fixes the following issues:
Security update to 25.0.0.127 (bsc#1029374), fixing the following vulnerabilities advised under APSB17-07:
- CVE-2017-2997: This update resolves a buffer overflow vulnerability that could lead to code execution.
- CVE-2017-2998, CVE-2017-2999: This update resolves memory corruption vulnerabilities that could lead to code execution.
- CVE-2017-3000: This update resolves a random number generator vulnerability used for constant blinding that could lead to information disclosure.
- CVE-2017-3001, CVE-2017-3002, CVE-2017-3003: This update resolves use-after-free vulnerabilities that could lead to code execution.
- Details: https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP1
Ссылки
- Link for SUSE-SU-2017:0703-1
- E-Mail link for SUSE-SU-2017:0703-1
- SUSE Security Ratings
- SUSE Bug 1029374
- SUSE CVE CVE-2017-2997 page
- SUSE CVE CVE-2017-2998 page
- SUSE CVE CVE-2017-2999 page
- SUSE CVE CVE-2017-3000 page
- SUSE CVE CVE-2017-3001 page
- SUSE CVE CVE-2017-3002 page
- SUSE CVE CVE-2017-3003 page
Описание
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2997
- SUSE Bug 1029374
Описание
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2998
- SUSE Bug 1029374
Описание
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-2999
- SUSE Bug 1029374
Описание
Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.
Затронутые продукты
Ссылки
- CVE-2017-3000
- SUSE Bug 1029374
Описание
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3001
- SUSE Bug 1029374
Описание
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3002
- SUSE Bug 1029374
Описание
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3003
- SUSE Bug 1029374