Security update for flash-player SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1306-1 Final 1 1 2016-05-16T20:17:58Z current 2016-05-16T20:17:58Z 2016-05-16T20:17:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for flash-player This security update for flash-player to 11.2.202.621 fixes the following issues (boo#979422): A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. (APSA16-02) https://helpx.adobe.com/security/products/flash-player/apsa16-02.html Some CVEs were not listed in the last submission: * APSA16-01, APSB16-10, CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html E-Mail link for openSUSE-SU-2016:1306-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 NonFree flash-player-11.2.202.621-2.97.1 flash-player-gnome-11.2.202.621-2.97.1 flash-player-kde4-11.2.202.621-2.97.1 flash-player-11.2.202.621-2.97.1 as a component of openSUSE 13.2 NonFree flash-player-gnome-11.2.202.621-2.97.1 as a component of openSUSE 13.2 NonFree flash-player-kde4-11.2.202.621-2.97.1 as a component of openSUSE 13.2 NonFree Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass the ASLR protection mechanism via JIT data. CVE-2016-1006 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 critical Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1006.html CVE-2016-1006 https://bugzilla.suse.com/974209 SUSE Bug 974209 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031. CVE-2016-1011 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1011.html CVE-2016-1011 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. CVE-2016-1012 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1012.html CVE-2016-1012 https://bugzilla.suse.com/974209 SUSE Bug 974209 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031. CVE-2016-1013 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1013.html CVE-2016-1013 https://bugzilla.suse.com/974209 SUSE Bug 974209 Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory. CVE-2016-1014 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1014.html CVE-2016-1014 https://bugzilla.suse.com/1020381 SUSE Bug 1020381 https://bugzilla.suse.com/1020429 SUSE Bug 1020429 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified "type confusion," a different vulnerability than CVE-2016-1019. CVE-2016-1015 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1015.html CVE-2016-1015 https://bugzilla.suse.com/1021129 SUSE Bug 1021129 https://bugzilla.suse.com/1024183 SUSE Bug 1024183 https://bugzilla.suse.com/974209 SUSE Bug 974209 Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1017, and CVE-2016-1031. CVE-2016-1016 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1016.html CVE-2016-1016 https://bugzilla.suse.com/1021364 SUSE Bug 1021364 https://bugzilla.suse.com/1021616 SUSE Bug 1021616 https://bugzilla.suse.com/974209 SUSE Bug 974209 Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031. CVE-2016-1017 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1017.html CVE-2016-1017 https://bugzilla.suse.com/1021740 SUSE Bug 1021740 https://bugzilla.suse.com/974209 SUSE Bug 974209 Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via crafted JPEG-XR data. CVE-2016-1018 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1018.html CVE-2016-1018 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016. CVE-2016-1019 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important 8.9 AV:N/AC:L/Au:N/C:C/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1019.html CVE-2016-1019 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. CVE-2016-1020 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1020.html CVE-2016-1020 https://bugzilla.suse.com/1023377 SUSE Bug 1023377 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. CVE-2016-1021 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1021.html CVE-2016-1021 https://bugzilla.suse.com/1024244 SUSE Bug 1024244 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. CVE-2016-1022 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1022.html CVE-2016-1022 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. CVE-2016-1023 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1023.html CVE-2016-1023 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. CVE-2016-1024 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1024.html CVE-2016-1024 https://bugzilla.suse.com/1029704 SUSE Bug 1029704 https://bugzilla.suse.com/1029705 SUSE Bug 1029705 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. CVE-2016-1025 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1025.html CVE-2016-1025 https://bugzilla.suse.com/1006836 SUSE Bug 1006836 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. CVE-2016-1026 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1026.html CVE-2016-1026 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. CVE-2016-1027 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1027.html CVE-2016-1027 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. CVE-2016-1028 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1028.html CVE-2016-1028 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1032, and CVE-2016-1033. CVE-2016-1029 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1029.html CVE-2016-1029 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass intended access restrictions via unspecified vectors. CVE-2016-1030 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1030.html CVE-2016-1030 https://bugzilla.suse.com/974209 SUSE Bug 974209 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1017. CVE-2016-1031 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1031.html CVE-2016-1031 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1033. CVE-2016-1032 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1032.html CVE-2016-1032 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1032. CVE-2016-1033 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-1033.html CVE-2016-1033 https://bugzilla.suse.com/974209 SUSE Bug 974209 Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016. CVE-2016-4117 openSUSE 13.2 NonFree:flash-player-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-gnome-11.2.202.621-2.97.1 openSUSE 13.2 NonFree:flash-player-kde4-11.2.202.621-2.97.1 important 7.4 AV:N/AC:L/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html https://www.suse.com/security/cve/CVE-2016-4117.html CVE-2016-4117 https://bugzilla.suse.com/979422 SUSE Bug 979422 https://bugzilla.suse.com/984695 SUSE Bug 984695