Bug 998589

Summary: VUL-0: flash-player: version update 11.2.202.635
Product: [Novell Products] SUSE Security Incidents
Reporter: Stanislav Brabec <sbrabec>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: astieger
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: CVSSv2:SUSE:CVE-2016-4237:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4182:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6930:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4278:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:SUSE:CVE-2016-6925:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4237:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6927:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4238:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4285:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4287:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4280:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4276:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6931:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4283:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4238:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6922:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6932:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4272:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4284:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4274:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4279:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6921:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4281:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6929:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6924:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4282:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6923:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4275:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4271:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:SUSE:CVE-2016-6926:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4277:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:SUSE:CVE-2016-4182:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4278:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) 
CVSSv2:RedHat:CVE-2016-6926:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4276:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4283:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6925:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6927:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4274:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4277:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4279:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6924:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4275:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4285:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6931:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6929:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4272:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6922:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6932:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6921:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6930:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4284:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4281:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4271:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4282:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4280:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4287:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6923:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:ZDI:CVE-2016-4279:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:ZDI:CVE-2016-4276:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P)

Description Stanislav Brabec 2016-09-13 11:52:19 UTC
Adobe just released Flash Player version 11.2.202.635 for Linux.

There is no security advisory available yet:
https://helpx.adobe.com/security.html#flashplayer
Comment 2 Andreas Stieger 2016-09-13 18:21:24 UTC
CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2016-4287). 
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932). 
These updates resolve security bypass vulnerabilities that could lead to information disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278). 
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924).
Comment 3 Bernhard Wiedemann 2016-09-13 20:00:44 UTC
This is an autogenerated message for OBS integration:
This bug (998589) was mentioned in
https://build.opensuse.org/request/show/427337 13.2:NonFree / flash-player
https://build.opensuse.org/request/show/427342 13.1:NonFree / flash-player
Comment 5 Swamp Workflow Management 2016-09-14 19:09:12 UTC
openSUSE-SU-2016:2308-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 977664,998589
CVE References: CVE-2016-4182,CVE-2016-4237,CVE-2016-4238,CVE-2016-4271,CVE-2016-4272,CVE-2016-4274,CVE-2016-4275,CVE-2016-4276,CVE-2016-4277,CVE-2016-4278,CVE-2016-4279,CVE-2016-4280,CVE-2016-4281,CVE-2016-4282,CVE-2016-4283,CVE-2016-4284,CVE-2016-4285,CVE-2016-4287,CVE-2016-6921,CVE-2016-6922,CVE-2016-6923,CVE-2016-6924,CVE-2016-6925,CVE-2016-6926,CVE-2016-6927,CVE-2016-6929,CVE-2016-6930,CVE-2016-6931,CVE-2016-6932
Sources used:
openSUSE 13.2 NonFree (src):    flash-player-11.2.202.635-2.108.1
Comment 6 Andreas Stieger 2016-09-15 09:18:20 UTC
all done
Comment 7 Swamp Workflow Management 2016-09-15 12:11:45 UTC
SUSE-SU-2016:2312-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 998589
CVE References: CVE-2016-4182,CVE-2016-4237,CVE-2016-4238,CVE-2016-4271,CVE-2016-4272,CVE-2016-4274,CVE-2016-4275,CVE-2016-4276,CVE-2016-4277,CVE-2016-4278,CVE-2016-4279,CVE-2016-4280,CVE-2016-4281,CVE-2016-4282,CVE-2016-4283,CVE-2016-4284,CVE-2016-4285,CVE-2016-4287,CVE-2016-6921,CVE-2016-6922,CVE-2016-6923,CVE-2016-6924,CVE-2016-6925,CVE-2016-6926,CVE-2016-6927,CVE-2016-6929,CVE-2016-6930,CVE-2016-6931,CVE-2016-6932
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    flash-player-11.2.202.635-140.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    flash-player-11.2.202.635-140.1
Comment 8 Swamp Workflow Management 2016-09-25 10:11:03 UTC
openSUSE-SU-2016:2376-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 977664,998589
CVE References: CVE-2016-4182,CVE-2016-4237,CVE-2016-4238,CVE-2016-4271,CVE-2016-4272,CVE-2016-4274,CVE-2016-4275,CVE-2016-4276,CVE-2016-4277,CVE-2016-4278,CVE-2016-4279,CVE-2016-4280,CVE-2016-4281,CVE-2016-4282,CVE-2016-4283,CVE-2016-4284,CVE-2016-4285,CVE-2016-4287,CVE-2016-6921,CVE-2016-6922,CVE-2016-6923,CVE-2016-6924,CVE-2016-6925,CVE-2016-6926,CVE-2016-6927,CVE-2016-6929,CVE-2016-6930,CVE-2016-6931,CVE-2016-6932
Sources used:
openSUSE 13.1 NonFree (src):    flash-player-11.2.202.635-171.1