Security update for flash-player

SUSE Security Update: Security update for flash-player
Announcement ID: SUSE-SU-2017:0108-1
Rating: important
References: #1019129
Affected Products:
  • SUSE Linux Enterprise Workstation Extension 12-SP1
  • SUSE Linux Enterprise Desktop 12-SP1

  • An update that fixes 13 vulnerabilities is now available.

    Description:

    This update to Adobe Flash 24.0.0.194 fixes the following vulnerabilities
    advised under APSB17-02:

    - security bypass vulnerability that could lead to information disclosure
    (CVE-2017-2938)
    - use-after-free vulnerabilities that could lead to code execution
    (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937)
    - heap buffer overflow vulnerabilities that could lead to code execution
    (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935)
    - memory corruption vulnerabilities that could lead to code execution
    (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930,
    CVE-2017-2931)

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Workstation Extension 12-SP1:
      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-51=1
    • SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-51=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
      • flash-player-24.0.0.194-155.1
      • flash-player-gnome-24.0.0.194-155.1
    • SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      • flash-player-24.0.0.194-155.1
      • flash-player-gnome-24.0.0.194-155.1

    References: