openSUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:1306-1
Rating:             important
References:         #979422 
Cross-References:   CVE-2016-1006 CVE-2016-1011 CVE-2016-1012
                    CVE-2016-1013 CVE-2016-1014 CVE-2016-1015
                    CVE-2016-1016 CVE-2016-1017 CVE-2016-1018
                    CVE-2016-1019 CVE-2016-1020 CVE-2016-1021
                    CVE-2016-1022 CVE-2016-1023 CVE-2016-1024
                    CVE-2016-1025 CVE-2016-1026 CVE-2016-1027
                    CVE-2016-1028 CVE-2016-1029 CVE-2016-1030
                    CVE-2016-1031 CVE-2016-1032 CVE-2016-1033
                    CVE-2016-4117
Affected Products:
                    openSUSE 13.2 NonFree
______________________________________________________________________________

   An update that fixes 25 vulnerabilities is now available.

Description:


   This security update for flash-player to 11.2.202.621 fixes the following
   issues (boo#979422):

   A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player
   21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome
   OS. Successful exploitation could cause a crash and potentially allow an
   attacker to take control of the affected system. (APSA16-02)

   https://helpx.adobe.com/security/products/flash-player/apsa16-02.html

   Some CVEs were not listed in the last submission:
   * APSA16-01, APSB16-10, CVE-2016-1006, CVE-2016-1011, CVE-2016-1012,
     CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016,
     CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020,
     CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024,
     CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028,
     CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2 NonFree:

      zypper in -t patch openSUSE-2016-585=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.2 NonFree (i586 x86_64):

      flash-player-11.2.202.621-2.97.1
      flash-player-gnome-11.2.202.621-2.97.1
      flash-player-kde4-11.2.202.621-2.97.1


References:

   https://www.suse.com/security/cve/CVE-2016-1006.html
   https://www.suse.com/security/cve/CVE-2016-1011.html
   https://www.suse.com/security/cve/CVE-2016-1012.html
   https://www.suse.com/security/cve/CVE-2016-1013.html
   https://www.suse.com/security/cve/CVE-2016-1014.html
   https://www.suse.com/security/cve/CVE-2016-1015.html
   https://www.suse.com/security/cve/CVE-2016-1016.html
   https://www.suse.com/security/cve/CVE-2016-1017.html
   https://www.suse.com/security/cve/CVE-2016-1018.html
   https://www.suse.com/security/cve/CVE-2016-1019.html
   https://www.suse.com/security/cve/CVE-2016-1020.html
   https://www.suse.com/security/cve/CVE-2016-1021.html
   https://www.suse.com/security/cve/CVE-2016-1022.html
   https://www.suse.com/security/cve/CVE-2016-1023.html
   https://www.suse.com/security/cve/CVE-2016-1024.html
   https://www.suse.com/security/cve/CVE-2016-1025.html
   https://www.suse.com/security/cve/CVE-2016-1026.html
   https://www.suse.com/security/cve/CVE-2016-1027.html
   https://www.suse.com/security/cve/CVE-2016-1028.html
   https://www.suse.com/security/cve/CVE-2016-1029.html
   https://www.suse.com/security/cve/CVE-2016-1030.html
   https://www.suse.com/security/cve/CVE-2016-1031.html
   https://www.suse.com/security/cve/CVE-2016-1032.html
   https://www.suse.com/security/cve/CVE-2016-1033.html
   https://www.suse.com/security/cve/CVE-2016-4117.html
   https://bugzilla.suse.com/979422