Security update for Adobe Flash Player SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0718-1 Final 1 1 2015-04-14T20:59:16Z current 2015-04-14T20:59:16Z 2015-04-14T20:59:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Adobe Flash Player Adobe Flash Player was updated to 11.2.202.457 to fix several security issues that could lead to remote code execution. An exploit for CVE-2015-3043 was reported to exist in the wild. The following vulnerabilities were fixed: * Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043). * Type confusion vulnerability that could lead to code execution (CVE-2015-0356). * Buffer overflow vulnerability that could lead to code execution (CVE-2015-0348). * Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039). * Double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359). * Memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040). * Security bypass vulnerability that could lead to information disclosure (CVE-2015-3044). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html E-Mail link for openSUSE-SU-2015:0718-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 NonFree flash-player-11.2.202.457-2.48.1 flash-player-gnome-11.2.202.457-2.48.1 flash-player-kde4-11.2.202.457-2.48.1 flash-player-11.2.202.457-2.48.1 as a component of openSUSE 13.2 NonFree flash-player-gnome-11.2.202.457-2.48.1 as a component of openSUSE 13.2 NonFree flash-player-kde4-11.2.202.457-2.48.1 as a component of openSUSE 13.2 NonFree Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0359. CVE-2015-0346 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0346.html CVE-2015-0346 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0347 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0347.html CVE-2015-0347 https://bugzilla.suse.com/927089 SUSE Bug 927089 Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors. CVE-2015-0348 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0348.html CVE-2015-0348 https://bugzilla.suse.com/927089 SUSE Bug 927089 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039. CVE-2015-0349 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0349.html CVE-2015-0349 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0350 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0350.html CVE-2015-0350 https://bugzilla.suse.com/927089 SUSE Bug 927089 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0358, and CVE-2015-3039. CVE-2015-0351 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0351.html CVE-2015-0351 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0352 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0352.html CVE-2015-0352 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0353 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0353.html CVE-2015-0353 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0354 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0354.html CVE-2015-0354 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0355 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0355.html CVE-2015-0355 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion." CVE-2015-0356 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0356.html CVE-2015-0356 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3040. CVE-2015-0357 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0357.html CVE-2015-0357 https://bugzilla.suse.com/927089 SUSE Bug 927089 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-3039. CVE-2015-0358 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0358.html CVE-2015-0358 https://bugzilla.suse.com/927089 SUSE Bug 927089 Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346. CVE-2015-0359 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0359.html CVE-2015-0359 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0360 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-0360.html CVE-2015-0360 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-3038 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-3038.html CVE-2015-3038 https://bugzilla.suse.com/927089 SUSE Bug 927089 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358. CVE-2015-3039 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-3039.html CVE-2015-3039 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357. CVE-2015-3040 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-3040.html CVE-2015-3040 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, and CVE-2015-3043. CVE-2015-3041 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-3041.html CVE-2015-3041 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043. CVE-2015-3042 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-3042.html CVE-2015-3042 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042. CVE-2015-3043 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-3043.html CVE-2015-3043 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. CVE-2015-3044 openSUSE 13.2 NonFree:flash-player-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.457-2.48.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.457-2.48.1 important 4.3 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html https://www.suse.com/security/cve/CVE-2015-3044.html CVE-2015-3044 https://bugzilla.suse.com/927089 SUSE Bug 927089 https://bugzilla.suse.com/930677 SUSE Bug 930677