Security update for flash-player

Announcement ID:	SUSE-SU-2015:2401-1
Rating:	important
References:	bsc#960317
Cross-References:	CVE-2015-8459 CVE-2015-8460 CVE-2015-8634 CVE-2015-8635 CVE-2015-8636 CVE-2015-8638 CVE-2015-8639 CVE-2015-8640 CVE-2015-8641 CVE-2015-8642 CVE-2015-8643 CVE-2015-8644 CVE-2015-8645 CVE-2015-8646 CVE-2015-8647 CVE-2015-8648 CVE-2015-8649 CVE-2015-8650 CVE-2015-8651
CVSS scores:
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1

An update that solves 19 vulnerabilities can now be installed.

Description:

This update for flash-player fixes the following issues:

• CVE-2015-8644: Type confusion vulnerability that could lead to code execution .
• CVE-2015-8651: Integer overflow vulnerability that could lead to code execution.
• CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650: Use-after-free vulnerabilities that could lead to code execution.
• CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645: Memory corruption vulnerabilities that could lead to code execution.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP1
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1033=1
• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1033=1
• SUSE Linux Enterprise Workstation Extension 12 SP1
  zypper in -t patch SUSE-SLE-WE-12-SP1-2015-1033=1
• SUSE Linux Enterprise Workstation Extension 12
  zypper in -t patch SUSE-SLE-WE-12-2015-1033=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP1 (nosrc x86_64)
  • flash-player-11.2.202.559-117.1
• SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
  • flash-player-gnome-11.2.202.559-117.1
• SUSE Linux Enterprise Desktop 12 (nosrc x86_64)
  • flash-player-11.2.202.559-117.1
• SUSE Linux Enterprise Desktop 12 (x86_64)
  • flash-player-gnome-11.2.202.559-117.1
• SUSE Linux Enterprise Workstation Extension 12 SP1 (nosrc x86_64)
  • flash-player-11.2.202.559-117.1
• SUSE Linux Enterprise Workstation Extension 12 SP1 (x86_64)
  • flash-player-gnome-11.2.202.559-117.1
• SUSE Linux Enterprise Workstation Extension 12 (nosrc x86_64)
  • flash-player-11.2.202.559-117.1
• SUSE Linux Enterprise Workstation Extension 12 (x86_64)
  • flash-player-gnome-11.2.202.559-117.1

References:

• https://www.suse.com/security/cve/CVE-2015-8459.html
• https://www.suse.com/security/cve/CVE-2015-8460.html
• https://www.suse.com/security/cve/CVE-2015-8634.html
• https://www.suse.com/security/cve/CVE-2015-8635.html
• https://www.suse.com/security/cve/CVE-2015-8636.html
• https://www.suse.com/security/cve/CVE-2015-8638.html
• https://www.suse.com/security/cve/CVE-2015-8639.html
• https://www.suse.com/security/cve/CVE-2015-8640.html
• https://www.suse.com/security/cve/CVE-2015-8641.html
• https://www.suse.com/security/cve/CVE-2015-8642.html
• https://www.suse.com/security/cve/CVE-2015-8643.html
• https://www.suse.com/security/cve/CVE-2015-8644.html
• https://www.suse.com/security/cve/CVE-2015-8645.html
• https://www.suse.com/security/cve/CVE-2015-8646.html
• https://www.suse.com/security/cve/CVE-2015-8647.html
• https://www.suse.com/security/cve/CVE-2015-8648.html
• https://www.suse.com/security/cve/CVE-2015-8649.html
• https://www.suse.com/security/cve/CVE-2015-8650.html
• https://www.suse.com/security/cve/CVE-2015-8651.html
• https://bugzilla.suse.com/show_bug.cgi?id=960317