Security update for flash-player

Announcement ID:	SUSE-SU-2015:0236-1
Rating:	critical
References:	bsc#915918
Cross-References:	CVE-2015-0313 CVE-2015-0314 CVE-2015-0315 CVE-2015-0316 CVE-2015-0317 CVE-2015-0318 CVE-2015-0319 CVE-2015-0320 CVE-2015-0321 CVE-2015-0322 CVE-2015-0323 CVE-2015-0324 CVE-2015-0325 CVE-2015-0326 CVE-2015-0327 CVE-2015-0328 CVE-2015-0329 CVE-2015-0330
CVSS scores:
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Workstation Extension 12

An update that solves 18 vulnerabilities can now be installed.

Description:

flash-player was updated to version 11.2.202.442 to fix 18 security issues.

These security issues were fixed: - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0317, CVE-2015-0319). - Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323, CVE-2015-0327). - Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324). - Null pointer dereference issues (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328).

More information is available at https://helpx.adobe.com/security/products/flash-player/apsb15-04.html

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-58=1
• SUSE Linux Enterprise Workstation Extension 12
  zypper in -t patch SUSE-SLE-WE-12-2015-58=1

Package List:

• SUSE Linux Enterprise Desktop 12 (nosrc x86_64 i586)
  • flash-player-11.2.202.442-67.1
• SUSE Linux Enterprise Desktop 12 (x86_64 i586)
  • flash-player-gnome-11.2.202.442-67.1
• SUSE Linux Enterprise Workstation Extension 12 (nosrc x86_64 i586)
  • flash-player-11.2.202.442-67.1
• SUSE Linux Enterprise Workstation Extension 12 (x86_64 i586)
  • flash-player-gnome-11.2.202.442-67.1

References:

• https://www.suse.com/security/cve/CVE-2015-0313.html
• https://www.suse.com/security/cve/CVE-2015-0314.html
• https://www.suse.com/security/cve/CVE-2015-0315.html
• https://www.suse.com/security/cve/CVE-2015-0316.html
• https://www.suse.com/security/cve/CVE-2015-0317.html
• https://www.suse.com/security/cve/CVE-2015-0318.html
• https://www.suse.com/security/cve/CVE-2015-0319.html
• https://www.suse.com/security/cve/CVE-2015-0320.html
• https://www.suse.com/security/cve/CVE-2015-0321.html
• https://www.suse.com/security/cve/CVE-2015-0322.html
• https://www.suse.com/security/cve/CVE-2015-0323.html
• https://www.suse.com/security/cve/CVE-2015-0324.html
• https://www.suse.com/security/cve/CVE-2015-0325.html
• https://www.suse.com/security/cve/CVE-2015-0326.html
• https://www.suse.com/security/cve/CVE-2015-0327.html
• https://www.suse.com/security/cve/CVE-2015-0328.html
• https://www.suse.com/security/cve/CVE-2015-0329.html
• https://www.suse.com/security/cve/CVE-2015-0330.html
• https://bugzilla.suse.com/show_bug.cgi?id=915918