openSUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:1802-1
Rating:             important
References:         #988579 
Cross-References:   CVE-2016-4172 CVE-2016-4173 CVE-2016-4174
                    CVE-2016-4175 CVE-2016-4176 CVE-2016-4177
                    CVE-2016-4178 CVE-2016-4179 CVE-2016-4180
                    CVE-2016-4181 CVE-2016-4182 CVE-2016-4183
                    CVE-2016-4184 CVE-2016-4185 CVE-2016-4186
                    CVE-2016-4187 CVE-2016-4188 CVE-2016-4189
                    CVE-2016-4190 CVE-2016-4217 CVE-2016-4218
                    CVE-2016-4219 CVE-2016-4220 CVE-2016-4221
                    CVE-2016-4222 CVE-2016-4223 CVE-2016-4224
                    CVE-2016-4225 CVE-2016-4226 CVE-2016-4227
                    CVE-2016-4228 CVE-2016-4229 CVE-2016-4230
                    CVE-2016-4231 CVE-2016-4232 CVE-2016-4233
                    CVE-2016-4234 CVE-2016-4235 CVE-2016-4236
                    CVE-2016-4237 CVE-2016-4238 CVE-2016-4239
                    CVE-2016-4240 CVE-2016-4241 CVE-2016-4242
                    CVE-2016-4243 CVE-2016-4244 CVE-2016-4245
                    CVE-2016-4246 CVE-2016-4247 CVE-2016-4248
                    CVE-2016-4249
Affected Products:
                    openSUSE 13.1 NonFree
______________________________________________________________________________

   An update that fixes 52 vulnerabilities is now available.

Description:

   Adobe Flash Player was updated to 11.2.202.632 to fix many security issues
   tracked under the upstream advisory APSB16-25, allowing remote attackers   to execute arbitrary code when delivering specially crafted Flash content.

   The following vulnerabilities were fixed:

   - CVE-2016-4172: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4173: use-after-free vulnerability that could lead to code
     execution
   - CVE-2016-4174: use-after-free vulnerability that could lead to code
     execution
   - CVE-2016-4175: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4176: stack corruption vulnerability that could lead to code
     execution
   - CVE-2016-4177: stack corruption vulnerability that could lead to code
     execution
   - CVE-2016-4178: security bypass vulnerability that could lead to
     information disclosure
   - CVE-2016-4179: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4180: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4181: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4182: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4183: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4184: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4185: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4186: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4187: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4188: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4189: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4190: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4217: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4218: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4219: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4220: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4221: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4222: use-after-free vulnerability that could lead to code
     execution
   - CVE-2016-4223: type confusion vulnerability that could lead to code
     execution
   - CVE-2016-4224: type confusion vulnerability that could lead to code
     execution
   - CVE-2016-4225: type confusion vulnerability that could lead to code
     execution
   - CVE-2016-4226: use-after-free vulnerability that could lead to code
     execution
   - CVE-2016-4227: use-after-free vulnerability that could lead to code
     execution
   - CVE-2016-4228: use-after-free vulnerability that could lead to code
     execution
   - CVE-2016-4229: use-after-free vulnerability that could lead to code
     execution
   - CVE-2016-4230: use-after-free vulnerability that could lead to code
     execution
   - CVE-2016-4231: use-after-free vulnerability that could lead to code
     execution
   - CVE-2016-4232: memory leak vulnerability
   - CVE-2016-4233: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4234: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4235: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4236: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4237: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4238: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4239: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4240: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4241: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4242: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4243: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4244: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4245: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4246: memory corruption vulnerability that could lead to code
     execution
   - CVE-2016-4247: race condition vulnerability that could lead to
     information disclosure
   - CVE-2016-4248: use-after-free vulnerability that could lead to code
     execution
   - CVE-2016-4249: heap buffer overflow vulnerability that could lead to
     code execution


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.1 NonFree:

      zypper in -t patch 2016-870=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.1 NonFree (i586 x86_64):

      flash-player-11.2.202.632-168.1
      flash-player-gnome-11.2.202.632-168.1
      flash-player-kde4-11.2.202.632-168.1


References:

   https://www.suse.com/security/cve/CVE-2016-4172.html
   https://www.suse.com/security/cve/CVE-2016-4173.html
   https://www.suse.com/security/cve/CVE-2016-4174.html
   https://www.suse.com/security/cve/CVE-2016-4175.html
   https://www.suse.com/security/cve/CVE-2016-4176.html
   https://www.suse.com/security/cve/CVE-2016-4177.html
   https://www.suse.com/security/cve/CVE-2016-4178.html
   https://www.suse.com/security/cve/CVE-2016-4179.html
   https://www.suse.com/security/cve/CVE-2016-4180.html
   https://www.suse.com/security/cve/CVE-2016-4181.html
   https://www.suse.com/security/cve/CVE-2016-4182.html
   https://www.suse.com/security/cve/CVE-2016-4183.html
   https://www.suse.com/security/cve/CVE-2016-4184.html
   https://www.suse.com/security/cve/CVE-2016-4185.html
   https://www.suse.com/security/cve/CVE-2016-4186.html
   https://www.suse.com/security/cve/CVE-2016-4187.html
   https://www.suse.com/security/cve/CVE-2016-4188.html
   https://www.suse.com/security/cve/CVE-2016-4189.html
   https://www.suse.com/security/cve/CVE-2016-4190.html
   https://www.suse.com/security/cve/CVE-2016-4217.html
   https://www.suse.com/security/cve/CVE-2016-4218.html
   https://www.suse.com/security/cve/CVE-2016-4219.html
   https://www.suse.com/security/cve/CVE-2016-4220.html
   https://www.suse.com/security/cve/CVE-2016-4221.html
   https://www.suse.com/security/cve/CVE-2016-4222.html
   https://www.suse.com/security/cve/CVE-2016-4223.html
   https://www.suse.com/security/cve/CVE-2016-4224.html
   https://www.suse.com/security/cve/CVE-2016-4225.html
   https://www.suse.com/security/cve/CVE-2016-4226.html
   https://www.suse.com/security/cve/CVE-2016-4227.html
   https://www.suse.com/security/cve/CVE-2016-4228.html
   https://www.suse.com/security/cve/CVE-2016-4229.html
   https://www.suse.com/security/cve/CVE-2016-4230.html
   https://www.suse.com/security/cve/CVE-2016-4231.html
   https://www.suse.com/security/cve/CVE-2016-4232.html
   https://www.suse.com/security/cve/CVE-2016-4233.html
   https://www.suse.com/security/cve/CVE-2016-4234.html
   https://www.suse.com/security/cve/CVE-2016-4235.html
   https://www.suse.com/security/cve/CVE-2016-4236.html
   https://www.suse.com/security/cve/CVE-2016-4237.html
   https://www.suse.com/security/cve/CVE-2016-4238.html
   https://www.suse.com/security/cve/CVE-2016-4239.html
   https://www.suse.com/security/cve/CVE-2016-4240.html
   https://www.suse.com/security/cve/CVE-2016-4241.html
   https://www.suse.com/security/cve/CVE-2016-4242.html
   https://www.suse.com/security/cve/CVE-2016-4243.html
   https://www.suse.com/security/cve/CVE-2016-4244.html
   https://www.suse.com/security/cve/CVE-2016-4245.html
   https://www.suse.com/security/cve/CVE-2016-4246.html
   https://www.suse.com/security/cve/CVE-2016-4247.html
   https://www.suse.com/security/cve/CVE-2016-4248.html
   https://www.suse.com/security/cve/CVE-2016-4249.html
   https://bugzilla.suse.com/988579

openSUSE: 2016:1802-1: important: flash-player

July 14, 2016
An update that fixes 52 vulnerabilities is now available

Description

Adobe Flash Player was updated to 11.2.202.632 to fix many security issues tracked under the upstream advisory APSB16-25, allowing remote attackers to execute arbitrary code when delivering specially crafted Flash content. The following vulnerabilities were fixed: - CVE-2016-4172: memory corruption vulnerability that could lead to code execution - CVE-2016-4173: use-after-free vulnerability that could lead to code execution - CVE-2016-4174: use-after-free vulnerability that could lead to code execution - CVE-2016-4175: memory corruption vulnerability that could lead to code execution - CVE-2016-4176: stack corruption vulnerability that could lead to code execution - CVE-2016-4177: stack corruption vulnerability that could lead to code execution - CVE-2016-4178: security bypass vulnerability that could lead to information disclosure - CVE-2016-4179: memory corruption vulnerability that could lead to code execution - CVE-2016-4180: memory corruption vulnerability that could lead to code execution - CVE-2016-4181: memory corruption vulnerability that could lead to code execution - CVE-2016-4182: memory corruption vulnerability that could lead to code execution - CVE-2016-4183: memory corruption vulnerability that could lead to code execution - CVE-2016-4184: memory corruption vulnerability that could lead to code execution - CVE-2016-4185: memory corruption vulnerability that could lead to code execution - CVE-2016-4186: memory corruption vulnerability that could lead to code execution - CVE-2016-4187: memory corruption vulnerability that could lead to code execution - CVE-2016-4188: memory corruption vulnerability that could lead to code execution - CVE-2016-4189: memory corruption vulnerability that could lead to code execution - CVE-2016-4190: memory corruption vulnerability that could lead to code execution - CVE-2016-4217: memory corruption vulnerability that could lead to code execution - CVE-2016-4218: memory corruption vulnerability that could lead to code execution - CVE-2016-4219: memory corruption vulnerability that could lead to code execution - CVE-2016-4220: memory corruption vulnerability that could lead to code execution - CVE-2016-4221: memory corruption vulnerability that could lead to code execution - CVE-2016-4222: use-after-free vulnerability that could lead to code execution - CVE-2016-4223: type confusion vulnerability that could lead to code execution - CVE-2016-4224: type confusion vulnerability that could lead to code execution - CVE-2016-4225: type confusion vulnerability that could lead to code execution - CVE-2016-4226: use-after-free vulnerability that could lead to code execution - CVE-2016-4227: use-after-free vulnerability that could lead to code execution - CVE-2016-4228: use-after-free vulnerability that could lead to code execution - CVE-2016-4229: use-after-free vulnerability that could lead to code execution - CVE-2016-4230: use-after-free vulnerability that could lead to code execution - CVE-2016-4231: use-after-free vulnerability that could lead to code execution - CVE-2016-4232: memory leak vulnerability - CVE-2016-4233: memory corruption vulnerability that could lead to code execution - CVE-2016-4234: memory corruption vulnerability that could lead to code execution - CVE-2016-4235: memory corruption vulnerability that could lead to code execution - CVE-2016-4236: memory corruption vulnerability that could lead to code execution - CVE-2016-4237: memory corruption vulnerability that could lead to code execution - CVE-2016-4238: memory corruption vulnerability that could lead to code execution - CVE-2016-4239: memory corruption vulnerability that could lead to code execution - CVE-2016-4240: memory corruption vulnerability that could lead to code execution - CVE-2016-4241: memory corruption vulnerability that could lead to code execution - CVE-2016-4242: memory corruption vulnerability that could lead to code execution - CVE-2016-4243: memory corruption vulnerability that could lead to code execution - CVE-2016-4244: memory corruption vulnerability that could lead to code execution - CVE-2016-4245: memory corruption vulnerability that could lead to code execution - CVE-2016-4246: memory corruption vulnerability that could lead to code execution - CVE-2016-4247: race condition vulnerability that could lead to information disclosure - CVE-2016-4248: use-after-free vulnerability that could lead to code execution - CVE-2016-4249: heap buffer overflow vulnerability that could lead to code execution

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1 NonFree: zypper in -t patch 2016-870=1 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 13.1 NonFree (i586 x86_64): flash-player-11.2.202.632-168.1 flash-player-gnome-11.2.202.632-168.1 flash-player-kde4-11.2.202.632-168.1


References

https://www.suse.com/security/cve/CVE-2016-4172.html https://www.suse.com/security/cve/CVE-2016-4173.html https://www.suse.com/security/cve/CVE-2016-4174.html https://www.suse.com/security/cve/CVE-2016-4175.html https://www.suse.com/security/cve/CVE-2016-4176.html https://www.suse.com/security/cve/CVE-2016-4177.html https://www.suse.com/security/cve/CVE-2016-4178.html https://www.suse.com/security/cve/CVE-2016-4179.html https://www.suse.com/security/cve/CVE-2016-4180.html https://www.suse.com/security/cve/CVE-2016-4181.html https://www.suse.com/security/cve/CVE-2016-4182.html https://www.suse.com/security/cve/CVE-2016-4183.html https://www.suse.com/security/cve/CVE-2016-4184.html https://www.suse.com/security/cve/CVE-2016-4185.html https://www.suse.com/security/cve/CVE-2016-4186.html https://www.suse.com/security/cve/CVE-2016-4187.html https://www.suse.com/security/cve/CVE-2016-4188.html https://www.suse.com/security/cve/CVE-2016-4189.html https://www.suse.com/security/cve/CVE-2016-4190.html https://www.suse.com/security/cve/CVE-2016-4217.html https://www.suse.com/security/cve/CVE-2016-4218.html https://www.suse.com/security/cve/CVE-2016-4219.html https://www.suse.com/security/cve/CVE-2016-4220.html https://www.suse.com/security/cve/CVE-2016-4221.html https://www.suse.com/security/cve/CVE-2016-4222.html https://www.suse.com/security/cve/CVE-2016-4223.html https://www.suse.com/security/cve/CVE-2016-4224.html https://www.suse.com/security/cve/CVE-2016-4225.html https://www.suse.com/security/cve/CVE-2016-4226.html https://www.suse.com/security/cve/CVE-2016-4227.html https://www.suse.com/security/cve/CVE-2016-4228.html https://www.suse.com/security/cve/CVE-2016-4229.html https://www.suse.com/security/cve/CVE-2016-4230.html https://www.suse.com/security/cve/CVE-2016-4231.html https://www.suse.com/security/cve/CVE-2016-4232.html https://www.suse.com/security/cve/CVE-2016-4233.html https://www.suse.com/security/cve/CVE-2016-4234.html https://www.suse.com/security/cve/CVE-2016-4235.html https://www.suse.com/security/cve/CVE-2016-4236.html https://www.suse.com/security/cve/CVE-2016-4237.html https://www.suse.com/security/cve/CVE-2016-4238.html https://www.suse.com/security/cve/CVE-2016-4239.html https://www.suse.com/security/cve/CVE-2016-4240.html https://www.suse.com/security/cve/CVE-2016-4241.html https://www.suse.com/security/cve/CVE-2016-4242.html https://www.suse.com/security/cve/CVE-2016-4243.html https://www.suse.com/security/cve/CVE-2016-4244.html https://www.suse.com/security/cve/CVE-2016-4245.html https://www.suse.com/security/cve/CVE-2016-4246.html https://www.suse.com/security/cve/CVE-2016-4247.html https://www.suse.com/security/cve/CVE-2016-4248.html https://www.suse.com/security/cve/CVE-2016-4249.html https://bugzilla.suse.com/988579


Severity
Announcement ID: openSUSE-SU-2016:1802-1
Rating: important
Affected Products: openSUSE 13.1 NonFree .

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved