Описание
Security update for flash-player
Adobe flash-player was updated to 25.0.0.148 to fix the following issues:
-
Vulnerabilities fixed as advised under APSB17-10:
- Use-after-free vulnerabilities that could lead to code execution (CVE-2017-3058, CVE-2017-3059, CVE-2017-3062, CVE-2017-3063).
- Resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3060, CVE-2017-3061, CVE-2017-3064).
-
Details: https://helpx.adobe.com/security/products/flash-player/apsb17-10.html
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP1
Ссылки
- Link for SUSE-SU-2017:0990-1
- E-Mail link for SUSE-SU-2017:0990-1
- SUSE Security Ratings
- SUSE Bug 1033619
- SUSE CVE CVE-2017-3058 page
- SUSE CVE CVE-2017-3059 page
- SUSE CVE CVE-2017-3060 page
- SUSE CVE CVE-2017-3061 page
- SUSE CVE CVE-2017-3062 page
- SUSE CVE CVE-2017-3063 page
- SUSE CVE CVE-2017-3064 page
Описание
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3058
- SUSE Bug 1033619
Описание
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3059
- SUSE Bug 1033619
Описание
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3060
- SUSE Bug 1033619
Описание
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3061
- SUSE Bug 1033619
Описание
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3062
- SUSE Bug 1033619
Описание
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3063
- SUSE Bug 1033619
Описание
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3064
- SUSE Bug 1033619