Security update for flash-player

Announcement ID: SUSE-SU-2015:2402-1
Rating: important
References:
Cross-References:
CVSS scores:
Affected Products:
  • SUSE Linux Enterprise Desktop 11 SP3
  • SUSE Linux Enterprise Desktop 11 SP4

An update that solves 19 vulnerabilities can now be installed.

Description:

This update for flash-player fixes the following issues:

  • CVE-2015-8644: Type confusion vulnerability that could lead to code execution.
  • CVE-2015-8651: Integer overflow vulnerability that could lead to code execution.
  • CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650: Use-after-free vulnerabilities that could lead to code execution.
  • CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645: Memory corruption vulnerabilities that could lead to code execution.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 11 SP3
    zypper in -t patch sledsp3-flash-player-12291=1
  • SUSE Linux Enterprise Desktop 11 SP4
    zypper in -t patch sledsp4-flash-player-12291=1

Package List:

  • SUSE Linux Enterprise Desktop 11 SP3 (nosrc x86_64 i586)
    • flash-player-11.2.202.559-0.32.1
  • SUSE Linux Enterprise Desktop 11 SP3 (x86_64 i586)
    • flash-player-gnome-11.2.202.559-0.32.1
    • flash-player-kde4-11.2.202.559-0.32.1
  • SUSE Linux Enterprise Desktop 11 SP4 (nosrc x86_64 i586)
    • flash-player-11.2.202.559-0.32.1
  • SUSE Linux Enterprise Desktop 11 SP4 (x86_64 i586)
    • flash-player-gnome-11.2.202.559-0.32.1
    • flash-player-kde4-11.2.202.559-0.32.1

References: