Описание
Security update for flash-player
This update for flash-player fixes the following issues:
- Security update to 25.0.0.171 (bsc#1038281), fixing the following
vulnerabilities advised under APSB17-15:
- Use-after-free vulnerability that could lead to code execution (CVE-2017-3071).
- Memory corruption vulnerabilities that could lead to code execution (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074).
- Details: https://helpx.adobe.com/security/products/flash-player/apsb17-15.html
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP1
Ссылки
- Link for SUSE-SU-2017:1238-1
- E-Mail link for SUSE-SU-2017:1238-1
- SUSE Security Ratings
- SUSE Bug 1038281
- SUSE CVE CVE-2017-3068 page
- SUSE CVE CVE-2017-3069 page
- SUSE CVE CVE-2017-3070 page
- SUSE CVE CVE-2017-3071 page
- SUSE CVE CVE-2017-3072 page
- SUSE CVE CVE-2017-3073 page
- SUSE CVE CVE-2017-3074 page
Описание
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3068
- SUSE Bug 1038281
Описание
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3069
- SUSE Bug 1038281
Описание
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3070
- SUSE Bug 1038281
Описание
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3071
- SUSE Bug 1038281
Описание
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3072
- SUSE Bug 1038281
Описание
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3073
- SUSE Bug 1038281
Описание
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2017-3074
- SUSE Bug 1038281