Security update for flash-player

SUSE Security Update: Security update for flash-player
Announcement ID: SUSE-SU-2017:0523-1
Rating: important
References: #1025258
Affected Products:
  • SUSE Linux Enterprise Workstation Extension 12-SP1
  • SUSE Linux Enterprise Desktop 12-SP1

  • An update that fixes 12 vulnerabilities is now available.

    Description:


    The Adobe flash-player was updated to 24.0.0.221 to fix the following
    issues:

    Security update to 24.0.0.221 (bsc#1025258), fixing the following
    vulnerabilities advised under APSB17-04:

    * type confusion vulnerability that could lead to code execution
    (CVE-2017-2995).
    * integer overflow vulnerability that could lead to code execution
    (CVE-2017-2987).
    * use-after-free vulnerabilities that could lead to code execution
    (CVE-2017-2982, CVE-2017-2985, CVE-2017-2993, CVE-2017-2994).
    * heap buffer overflow vulnerabilities that could lead to code execution
    (CVE-2017- 2984, CVE-2017-2986, CVE-2017-2992).
    * memory corruption vulnerabilities that could lead to code execution
    (CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2996).

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Workstation Extension 12-SP1:
      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-268=1
    • SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-268=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
      • flash-player-24.0.0.221-158.1
      • flash-player-gnome-24.0.0.221-158.1
    • SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      • flash-player-24.0.0.221-158.1
      • flash-player-gnome-24.0.0.221-158.1

    References: