Security update for flash-player

SUSE Security Update: Security update for flash-player
Announcement ID: SUSE-SU-2016:1826-1
Rating: important
References: #988579
Affected Products:
  • SUSE Linux Enterprise Workstation Extension 12-SP1
  • SUSE Linux Enterprise Desktop 12-SP1

  • An update that fixes 52 vulnerabilities is now available.

    Description:

    Adobe Flash Player was updated to 11.2.202.632 to fix many security issues
    tracked under the upstream advisory APSB16-25, allowing remote attackers
    to execute arbitrary code when delivering specially crafted Flash content.

    The following vulnerabilities were fixed:

    - CVE-2016-4172: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4173: use-after-free vulnerability that could lead to code
    execution
    - CVE-2016-4174: use-after-free vulnerability that could lead to code
    execution
    - CVE-2016-4175: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4176: stack corruption vulnerability that could lead to code
    execution
    - CVE-2016-4177: stack corruption vulnerability that could lead to code
    execution
    - CVE-2016-4178: security bypass vulnerability that could lead to
    information disclosure
    - CVE-2016-4179: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4180: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4181: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4182: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4183: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4184: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4185: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4186: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4187: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4188: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4189: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4190: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4217: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4218: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4219: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4220: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4221: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4222: use-after-free vulnerability that could lead to code
    execution
    - CVE-2016-4223: type confusion vulnerability that could lead to code
    execution
    - CVE-2016-4224: type confusion vulnerability that could lead to code
    execution
    - CVE-2016-4225: type confusion vulnerability that could lead to code
    execution
    - CVE-2016-4226: use-after-free vulnerability that could lead to code
    execution
    - CVE-2016-4227: use-after-free vulnerability that could lead to code
    execution
    - CVE-2016-4228: use-after-free vulnerability that could lead to code
    execution
    - CVE-2016-4229: use-after-free vulnerability that could lead to code
    execution
    - CVE-2016-4230: use-after-free vulnerability that could lead to code
    execution
    - CVE-2016-4231: use-after-free vulnerability that could lead to code
    execution
    - CVE-2016-4232: memory leak vulnerability
    - CVE-2016-4233: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4234: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4235: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4236: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4237: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4238: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4239: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4240: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4241: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4242: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4243: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4244: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4245: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4246: memory corruption vulnerability that could lead to code
    execution
    - CVE-2016-4247: race condition vulnerability that could lead to
    information disclosure
    - CVE-2016-4248: use-after-free vulnerability that could lead to code
    execution
    - CVE-2016-4249: heap buffer overflow vulnerability that could lead to
    code execution

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Workstation Extension 12-SP1:
      zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1073=1
    • SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1073=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
      • flash-player-11.2.202.632-136.1
      • flash-player-gnome-11.2.202.632-136.1
    • SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      • flash-player-11.2.202.632-136.1
      • flash-player-gnome-11.2.202.632-136.1

    References: