openSUSE: 2016:2308-1 Important: Flash-Player Security Risks
opensuse
September 14, 2016
An update that fixes 29 vulnerabilities is now available
Description
This update for flash-player fixes the following security issues
(APSB16-29, boo#998589):
* integer overflow vulnerability that could lead to code execution
(CVE-2016-4287).
* use-after-free vulnerabilities that could lead to code execution
(CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923,
CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929,
CVE-2016-6930, CVE-2016-6931, CVE-2016-6932)
* security bypass vulnerabilities that could lead to information
disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278)
* memory corruption vulnerabilities that could lead to code execution
(CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4274,
CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281,
CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,
CVE-2016-6922, CVE-2016-6924)
The package description was update to reflex that the stand-alone Flash is
no longer provided on x86_64 architectures...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2 NonFree:
zypper in -t patch openSUSE-2016-1083=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 13.2 NonFree (i586 x86_64):
flash-player-11.2.202.635-2.108.1
flash-player-gnome-11.2.202.635-2.108.1
flash-player-kde4-11.2.202.635-2.108.1
References
https://www.suse.com/security/cve/CVE-2016-4182.html
https://www.suse.com/security/cve/CVE-2016-4237.html
https://www.suse.com/security/cve/CVE-2016-4238.html
https://www.suse.com/security/cve/CVE-2016-4271.html
https://www.suse.com/security/cve/CVE-2016-4272.html
https://www.suse.com/security/cve/CVE-2016-4274.html
https://www.suse.com/security/cve/CVE-2016-4275.html
https://www.suse.com/security/cve/CVE-2016-4276.html
https://www.suse.com/security/cve/CVE-2016-4277.html
https://www.suse.com/security/cve/CVE-2016-4278.html
https://www.suse.com/security/cve/CVE-2016-4279.html
https://www.suse.com/security/cve/CVE-2016-4280.html
https://www.suse.com/security/cve/CVE-2016-4281.html
https://www.suse.com/security/cve/CVE-2016-4282.html
https://www.suse.com/security/cve/CVE-2016-4283.html
https://www.suse.com/security/cve/CVE-2016-4284.html
https://www.suse.com/security/cve/CVE-2016-4285.html
https://www.suse.com/security/cve/CVE-2016-4287.html
https://www.suse.com/security/cve/CVE-2016-6921.html
https://www....
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2016:2308-1
Rating: important
Affected Products:
openSUSE 13.2 NonFree
.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!