Security update for Adobe Flash Player SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0725-1 Final 1 1 2015-04-16T07:22:23Z current 2015-04-16T07:22:23Z 2015-04-16T07:22:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Adobe Flash Player Adobe Flash Player was updated to 11.2.202.457 to fix several security issues that could lead to remote code execution. An exploit for CVE-2015-3043 was reported to exist in the wild. The following vulnerabilities were fixed: * Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043). * Type confusion vulnerability that could lead to code execution (CVE-2015-0356). * Buffer overflow vulnerability that could lead to code execution (CVE-2015-0348). * Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039). * Double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359). * Memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040). * Security bypass vulnerability that could lead to information disclosure (CVE-2015-3044) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html E-Mail link for openSUSE-SU-2015:0725-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Evergreen 11.4 flash-player-11.2.202.457-158.1 flash-player-gnome-11.2.202.457-158.1 flash-player-kde4-11.2.202.457-158.1 flash-player-11.2.202.457-158.1 as a component of openSUSE Evergreen 11.4 flash-player-gnome-11.2.202.457-158.1 as a component of openSUSE Evergreen 11.4 flash-player-kde4-11.2.202.457-158.1 as a component of openSUSE Evergreen 11.4 Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0564. CVE-2014-0558 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0558.html CVE-2014-0558 https://bugzilla.suse.com/901334 SUSE Bug 901334 https://bugzilla.suse.com/905032 SUSE Bug 905032 Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558. CVE-2014-0564 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0564.html CVE-2014-0564 https://bugzilla.suse.com/901334 SUSE Bug 901334 https://bugzilla.suse.com/905032 SUSE Bug 905032 Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors. CVE-2014-0569 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0569.html CVE-2014-0569 https://bugzilla.suse.com/901334 SUSE Bug 901334 https://bugzilla.suse.com/905032 SUSE Bug 905032 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0588 and CVE-2014-8438. CVE-2014-0573 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0573.html CVE-2014-0573 https://bugzilla.suse.com/905032 SUSE Bug 905032 Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors. CVE-2014-0574 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0574.html CVE-2014-0574 https://bugzilla.suse.com/905032 SUSE Bug 905032 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0581, CVE-2014-8440, and CVE-2014-8441. CVE-2014-0576 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0576.html CVE-2014-0576 https://bugzilla.suse.com/905032 SUSE Bug 905032 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. CVE-2014-0577 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0577.html CVE-2014-0577 https://bugzilla.suse.com/905032 SUSE Bug 905032 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-8440, and CVE-2014-8441. CVE-2014-0581 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0581.html CVE-2014-0581 https://bugzilla.suse.com/905032 SUSE Bug 905032 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0589. CVE-2014-0582 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0582.html CVE-2014-0582 https://bugzilla.suse.com/905032 SUSE Bug 905032 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to complete a transition from Low Integrity to Medium Integrity via unspecified vectors. CVE-2014-0583 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0583.html CVE-2014-0583 https://bugzilla.suse.com/905032 SUSE Bug 905032 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. CVE-2014-0584 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0584.html CVE-2014-0584 https://bugzilla.suse.com/905032 SUSE Bug 905032 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0586, and CVE-2014-0590. CVE-2014-0585 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0585.html CVE-2014-0585 https://bugzilla.suse.com/905032 SUSE Bug 905032 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0590. CVE-2014-0586 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0586.html CVE-2014-0586 https://bugzilla.suse.com/905032 SUSE Bug 905032 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-8438. CVE-2014-0588 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0588.html CVE-2014-0588 https://bugzilla.suse.com/905032 SUSE Bug 905032 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0582. CVE-2014-0589 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0589.html CVE-2014-0589 https://bugzilla.suse.com/905032 SUSE Bug 905032 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0586. CVE-2014-0590 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-0590.html CVE-2014-0590 https://bugzilla.suse.com/905032 SUSE Bug 905032 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow remote attackers to discover session tokens via unspecified vectors. CVE-2014-8437 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-8437.html CVE-2014-8437 https://bugzilla.suse.com/905032 SUSE Bug 905032 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-0588. CVE-2014-8438 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-8438.html CVE-2014-8438 https://bugzilla.suse.com/905032 SUSE Bug 905032 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441. CVE-2014-8440 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-8440.html CVE-2014-8440 https://bugzilla.suse.com/905032 SUSE Bug 905032 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440. CVE-2014-8441 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-8441.html CVE-2014-8441 https://bugzilla.suse.com/905032 SUSE Bug 905032 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions. CVE-2014-8442 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2014-8442.html CVE-2014-8442 https://bugzilla.suse.com/905032 SUSE Bug 905032 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. CVE-2015-0331 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0331.html CVE-2015-0331 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0333, CVE-2015-0335, and CVE-2015-0339. CVE-2015-0332 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0332.html CVE-2015-0332 https://bugzilla.suse.com/922033 SUSE Bug 922033 https://bugzilla.suse.com/922296 SUSE Bug 922296 Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0359. CVE-2015-0346 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0346.html CVE-2015-0346 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0347 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0347.html CVE-2015-0347 https://bugzilla.suse.com/927089 SUSE Bug 927089 Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors. CVE-2015-0348 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0348.html CVE-2015-0348 https://bugzilla.suse.com/927089 SUSE Bug 927089 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039. CVE-2015-0349 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0349.html CVE-2015-0349 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0350 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0350.html CVE-2015-0350 https://bugzilla.suse.com/927089 SUSE Bug 927089 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0358, and CVE-2015-3039. CVE-2015-0351 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0351.html CVE-2015-0351 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0352 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0352.html CVE-2015-0352 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0353 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0353.html CVE-2015-0353 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0354 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0354.html CVE-2015-0354 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0355 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0355.html CVE-2015-0355 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion." CVE-2015-0356 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0356.html CVE-2015-0356 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3040. CVE-2015-0357 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0357.html CVE-2015-0357 https://bugzilla.suse.com/927089 SUSE Bug 927089 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-3039. CVE-2015-0358 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0358.html CVE-2015-0358 https://bugzilla.suse.com/927089 SUSE Bug 927089 Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346. CVE-2015-0359 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0359.html CVE-2015-0359 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-0360 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-0360.html CVE-2015-0360 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. CVE-2015-3038 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-3038.html CVE-2015-3038 https://bugzilla.suse.com/927089 SUSE Bug 927089 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358. CVE-2015-3039 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-3039.html CVE-2015-3039 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357. CVE-2015-3040 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-3040.html CVE-2015-3040 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, and CVE-2015-3043. CVE-2015-3041 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-3041.html CVE-2015-3041 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043. CVE-2015-3042 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-3042.html CVE-2015-3042 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042. CVE-2015-3043 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-3043.html CVE-2015-3043 https://bugzilla.suse.com/927089 SUSE Bug 927089 Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. CVE-2015-3044 openSUSE Evergreen 11.4:flash-player-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-gnome-11.2.202.457-158.1 openSUSE Evergreen 11.4:flash-player-kde4-11.2.202.457-158.1 important 4.3 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://www.suse.com/security/cve/CVE-2015-3044.html CVE-2015-3044 https://bugzilla.suse.com/927089 SUSE Bug 927089 https://bugzilla.suse.com/930677 SUSE Bug 930677