Security update for flash-player

Announcement ID:	SUSE-SU-2015:1043-1
Rating:	important
References:	bsc#934088
Cross-References:	CVE-2015-3096 CVE-2015-3098 CVE-2015-3099 CVE-2015-3100 CVE-2015-3102 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 CVE-2015-3108
CVSS scores:
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Workstation Extension 12

An update that solves 11 vulnerabilities can now be installed.

Description:

The following issues are fixed by this updated: * CVE-2015-3096: These updates resolve a vulnerability that could be exploited to bypass the fix for CVE-2014-5333. * CVE-2015-3098, CVE-2015-3099, CVE-2015-3102:These updates resolve vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure. * CVE-2015-3100: These updates resolve a stack overflow vulnerability that could lead to code execution. * CVE-2015-3103, CVE-2015-3106, CVE-2015-3107: These updates resolve use-after-free vulnerabilities that could lead to code execution. * CVE-2015-3104: These updates resolve an integer overflow vulnerability that could lead to code execution. * CVE-2015-3105: These updates resolve a memory corruption vulnerability that could lead to code execution. * CVE-2015-3108: These updates resolve a memory leak vulnerability that could be used to bypass ASLR (CVE-2015-3108). (bsc#934088)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-263=1
• SUSE Linux Enterprise Workstation Extension 12
  zypper in -t patch SUSE-SLE-WE-12-2015-263=1

Package List:

• SUSE Linux Enterprise Desktop 12 (nosrc x86_64 i586)
  • flash-player-11.2.202.466-86.1
• SUSE Linux Enterprise Desktop 12 (x86_64 i586)
  • flash-player-gnome-11.2.202.466-86.1
• SUSE Linux Enterprise Workstation Extension 12 (nosrc x86_64 i586)
  • flash-player-11.2.202.466-86.1
• SUSE Linux Enterprise Workstation Extension 12 (x86_64 i586)
  • flash-player-gnome-11.2.202.466-86.1

References:

• https://www.suse.com/security/cve/CVE-2015-3096.html
• https://www.suse.com/security/cve/CVE-2015-3098.html
• https://www.suse.com/security/cve/CVE-2015-3099.html
• https://www.suse.com/security/cve/CVE-2015-3100.html
• https://www.suse.com/security/cve/CVE-2015-3102.html
• https://www.suse.com/security/cve/CVE-2015-3103.html
• https://www.suse.com/security/cve/CVE-2015-3104.html
• https://www.suse.com/security/cve/CVE-2015-3105.html
• https://www.suse.com/security/cve/CVE-2015-3106.html
• https://www.suse.com/security/cve/CVE-2015-3107.html
• https://www.suse.com/security/cve/CVE-2015-3108.html
• https://bugzilla.suse.com/show_bug.cgi?id=934088