Security update for Adobe Flash Player SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1047-1 Final 1 1 2015-06-10T11:54:34Z current 2015-06-10T11:54:34Z 2015-06-10T11:54:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Adobe Flash Player Adobe Flash Player was updated to 11.2.202.466 to fix multiple security issues. The following vulnerabilities were fixed: * CVE-2015-3096: bypass for CVE-2014-5333 * CVE-2015-3098: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure * CVE-2015-3099: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure * CVE-2015-3100: stack overflow vulnerability that could lead to code execution * CVE-2015-3102: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure * CVE-2015-3103: use-after-free vulnerabilities that could lead to code execution * CVE-2015-3104: integer overflow vulnerability that could lead to code execution * CVE-2015-3105: memory corruption vulnerability that could lead to code execution * CVE-2015-3106: use-after-free vulnerabilities that could lead to code execution * CVE-2015-3107: use-after-free vulnerabilities that could lead to code execution * CVE-2015-3108: memory leak vulnerability that could be used to bypass ASLR The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html E-Mail link for openSUSE-SU-2015:1047-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 NonFree flash-player-11.2.202.466-2.55.1 flash-player-gnome-11.2.202.466-2.55.1 flash-player-kde4-11.2.202.466-2.55.1 flash-player-11.2.202.466-2.55.1 as a component of openSUSE 13.2 NonFree flash-player-gnome-11.2.202.466-2.55.1 as a component of openSUSE 13.2 NonFree flash-player-kde4-11.2.202.466-2.55.1 as a component of openSUSE 13.2 NonFree Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass a CVE-2014-5333 protection mechanism via unspecified vectors. CVE-2015-3096 openSUSE 13.2 NonFree:flash-player-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.466-2.55.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html https://www.suse.com/security/cve/CVE-2015-3096.html CVE-2015-3096 https://bugzilla.suse.com/934088 SUSE Bug 934088 Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3099 and CVE-2015-3102. CVE-2015-3098 openSUSE 13.2 NonFree:flash-player-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.466-2.55.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html https://www.suse.com/security/cve/CVE-2015-3098.html CVE-2015-3098 https://bugzilla.suse.com/934088 SUSE Bug 934088 Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3102. CVE-2015-3099 openSUSE 13.2 NonFree:flash-player-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.466-2.55.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html https://www.suse.com/security/cve/CVE-2015-3099.html CVE-2015-3099 https://bugzilla.suse.com/934088 SUSE Bug 934088 Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors. CVE-2015-3100 openSUSE 13.2 NonFree:flash-player-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.466-2.55.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html https://www.suse.com/security/cve/CVE-2015-3100.html CVE-2015-3100 https://bugzilla.suse.com/934088 SUSE Bug 934088 Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3099. CVE-2015-3102 openSUSE 13.2 NonFree:flash-player-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.466-2.55.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html https://www.suse.com/security/cve/CVE-2015-3102.html CVE-2015-3102 https://bugzilla.suse.com/934088 SUSE Bug 934088 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3106 and CVE-2015-3107. CVE-2015-3103 openSUSE 13.2 NonFree:flash-player-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.466-2.55.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html https://www.suse.com/security/cve/CVE-2015-3103.html CVE-2015-3103 https://bugzilla.suse.com/934088 SUSE Bug 934088 Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors. CVE-2015-3104 openSUSE 13.2 NonFree:flash-player-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.466-2.55.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html https://www.suse.com/security/cve/CVE-2015-3104.html CVE-2015-3104 https://bugzilla.suse.com/934088 SUSE Bug 934088 Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. CVE-2015-3105 openSUSE 13.2 NonFree:flash-player-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.466-2.55.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html https://www.suse.com/security/cve/CVE-2015-3105.html CVE-2015-3105 https://bugzilla.suse.com/934088 SUSE Bug 934088 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3107. CVE-2015-3106 openSUSE 13.2 NonFree:flash-player-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.466-2.55.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html https://www.suse.com/security/cve/CVE-2015-3106.html CVE-2015-3106 https://bugzilla.suse.com/934088 SUSE Bug 934088 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106. CVE-2015-3107 openSUSE 13.2 NonFree:flash-player-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.466-2.55.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html https://www.suse.com/security/cve/CVE-2015-3107.html CVE-2015-3107 https://bugzilla.suse.com/934088 SUSE Bug 934088 https://bugzilla.suse.com/941239 SUSE Bug 941239 Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. CVE-2015-3108 openSUSE 13.2 NonFree:flash-player-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.466-2.55.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.466-2.55.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html https://www.suse.com/security/cve/CVE-2015-3108.html CVE-2015-3108 https://bugzilla.suse.com/934088 SUSE Bug 934088