Security update for flash-player SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0237-1 Final 1 1 2015-02-06T16:45:49Z current 2015-02-06T16:45:49Z 2015-02-06T16:45:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for flash-player flash-player was updated to version 11.2.202.442 to fix 18 security issues. These security issues were fixed: - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0317, CVE-2015-0319). - Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323, CVE-2015-0327). - Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324). - Null pointer dereference issues (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). More information is available at https://helpx.adobe.com/security/products/flash-player/apsb15-04.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html E-Mail link for openSUSE-SU-2015:0237-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 NonFree flash-player-11.2.202.442-2.33.1 flash-player-gnome-11.2.202.442-2.33.1 flash-player-kde4-11.2.202.442-2.33.1 flash-player-11.2.202.442-2.33.1 as a component of openSUSE 13.2 NonFree flash-player-gnome-11.2.202.442-2.33.1 as a component of openSUSE 13.2 NonFree flash-player-kde4-11.2.202.442-2.33.1 as a component of openSUSE 13.2 NonFree Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. CVE-2015-0313 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0313.html CVE-2015-0313 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/916374 SUSE Bug 916374 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330. CVE-2015-0314 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0314.html CVE-2015-0314 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0320, and CVE-2015-0322. CVE-2015-0315 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0315.html CVE-2015-0315 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330. CVE-2015-0316 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0316.html CVE-2015-0316 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0319. CVE-2015-0317 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0317.html CVE-2015-0317 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330. CVE-2015-0318 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0318.html CVE-2015-0318 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0317. CVE-2015-0319 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0319.html CVE-2015-0319 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0322. CVE-2015-0320 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0320.html CVE-2015-0320 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0329, and CVE-2015-0330. CVE-2015-0321 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0321.html CVE-2015-0321 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0320. CVE-2015-0322 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0322.html CVE-2015-0322 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0327. CVE-2015-0323 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0323.html CVE-2015-0323 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors. CVE-2015-0324 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0324.html CVE-2015-0324 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0326 and CVE-2015-0328. CVE-2015-0325 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0325.html CVE-2015-0325 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0328. CVE-2015-0326 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0326.html CVE-2015-0326 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0323. CVE-2015-0327 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0327.html CVE-2015-0327 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0326. CVE-2015-0328 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0328.html CVE-2015-0328 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, and CVE-2015-0330. CVE-2015-0329 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0329.html CVE-2015-0329 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033 Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, and CVE-2015-0329. CVE-2015-0330 openSUSE 13.2 NonFree:flash-player-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.442-2.33.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.442-2.33.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html https://www.suse.com/security/cve/CVE-2015-0330.html CVE-2015-0330 https://bugzilla.suse.com/915918 SUSE Bug 915918 https://bugzilla.suse.com/922033 SUSE Bug 922033