Security update for flash-player

SUSE Security Update: Security update for flash-player
Announcement ID: SUSE-SU-2015:2402-1
Rating: important
References: #960317
Affected Products:
  • SUSE Linux Enterprise Desktop 11-SP4
  • SUSE Linux Enterprise Desktop 11-SP3

  • An update that fixes 19 vulnerabilities is now available.

    Description:


    This update for flash-player fixes the following issues:

    - CVE-2015-8644: Type confusion vulnerability that could lead to code
    execution.
    - CVE-2015-8651: Integer overflow vulnerability that could lead to code
    execution.
    - CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639,
    CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643,
    CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649,
    CVE-2015-8650: Use-after-free vulnerabilities that could lead to code
    execution.
    - CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645: Memory
    corruption vulnerabilities that could lead to code execution.

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Desktop 11-SP4:
      zypper in -t patch sledsp4-flash-player-12291=1
    • SUSE Linux Enterprise Desktop 11-SP3:
      zypper in -t patch sledsp3-flash-player-12291=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      • flash-player-11.2.202.559-0.32.1
      • flash-player-gnome-11.2.202.559-0.32.1
      • flash-player-kde4-11.2.202.559-0.32.1
    • SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
      • flash-player-11.2.202.559-0.32.1
      • flash-player-gnome-11.2.202.559-0.32.1
      • flash-player-kde4-11.2.202.559-0.32.1

    References: