Bug 998589

Summary:	VUL-0: flash-player: version update 11.2.202.635
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Stanislav Brabec <sbrabec>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P5 - None	CC:	astieger
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
Whiteboard:	CVSSv2:SUSE:CVE-2016-4237:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4182:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6930:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4278:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:SUSE:CVE-2016-6925:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4237:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6927:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4238:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4285:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4287:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4280:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4276:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6931:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4283:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4238:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6922:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6932:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4272:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4284:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4274:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4279:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6921:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4281:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6929:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6924:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4282:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-6923:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4275:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4271:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:SUSE:CVE-2016-6926:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-4277:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:SUSE:CVE-2016-4182:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4278:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6926:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4276:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4283:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6925:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6927:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4274:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4277:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4279:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6924:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4275:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4285:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6931:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6929:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4272:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6922:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6932:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6921:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6930:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4284:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4281:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4271:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4282:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4280:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-4287:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-6923:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:ZDI:CVE-2016-4279:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:ZDI:CVE-2016-4276:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Stanislav Brabec 2016-09-13 11:52:19 UTC

Adobe just released Flash Player version 11.2.202.635 for Linux.

There is no security advisory available yet:
https://helpx.adobe.com/security.html#flashplayer

Comment 1 Stanislav Brabec 2016-09-13 16:28:57 UTC

https://helpx.adobe.com/content/help/en/security/products/flash-player/apsb16-29.html

Comment 2 Andreas Stieger 2016-09-13 18:21:24 UTC

CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2016-4287). 
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932). 
These updates resolve security bypass vulnerabilities that could lead to information disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278). 
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924).

Comment 3 Bernhard Wiedemann 2016-09-13 20:00:44 UTC

This is an autogenerated message for OBS integration:
This bug (998589) was mentioned in
https://build.opensuse.org/request/show/427337 13.2:NonFree / flash-player
https://build.opensuse.org/request/show/427342 13.1:NonFree / flash-player

Comment 5 Swamp Workflow Management 2016-09-14 19:09:12 UTC

openSUSE-SU-2016:2308-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 977664,998589
CVE References: CVE-2016-4182,CVE-2016-4237,CVE-2016-4238,CVE-2016-4271,CVE-2016-4272,CVE-2016-4274,CVE-2016-4275,CVE-2016-4276,CVE-2016-4277,CVE-2016-4278,CVE-2016-4279,CVE-2016-4280,CVE-2016-4281,CVE-2016-4282,CVE-2016-4283,CVE-2016-4284,CVE-2016-4285,CVE-2016-4287,CVE-2016-6921,CVE-2016-6922,CVE-2016-6923,CVE-2016-6924,CVE-2016-6925,CVE-2016-6926,CVE-2016-6927,CVE-2016-6929,CVE-2016-6930,CVE-2016-6931,CVE-2016-6932
Sources used:
openSUSE 13.2 NonFree (src):    flash-player-11.2.202.635-2.108.1

Comment 6 Andreas Stieger 2016-09-15 09:18:20 UTC

all done

Comment 7 Swamp Workflow Management 2016-09-15 12:11:45 UTC

SUSE-SU-2016:2312-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 998589
CVE References: CVE-2016-4182,CVE-2016-4237,CVE-2016-4238,CVE-2016-4271,CVE-2016-4272,CVE-2016-4274,CVE-2016-4275,CVE-2016-4276,CVE-2016-4277,CVE-2016-4278,CVE-2016-4279,CVE-2016-4280,CVE-2016-4281,CVE-2016-4282,CVE-2016-4283,CVE-2016-4284,CVE-2016-4285,CVE-2016-4287,CVE-2016-6921,CVE-2016-6922,CVE-2016-6923,CVE-2016-6924,CVE-2016-6925,CVE-2016-6926,CVE-2016-6927,CVE-2016-6929,CVE-2016-6930,CVE-2016-6931,CVE-2016-6932
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    flash-player-11.2.202.635-140.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    flash-player-11.2.202.635-140.1

Comment 8 Swamp Workflow Management 2016-09-25 10:11:03 UTC

openSUSE-SU-2016:2376-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 977664,998589
CVE References: CVE-2016-4182,CVE-2016-4237,CVE-2016-4238,CVE-2016-4271,CVE-2016-4272,CVE-2016-4274,CVE-2016-4275,CVE-2016-4276,CVE-2016-4277,CVE-2016-4278,CVE-2016-4279,CVE-2016-4280,CVE-2016-4281,CVE-2016-4282,CVE-2016-4283,CVE-2016-4284,CVE-2016-4285,CVE-2016-4287,CVE-2016-6921,CVE-2016-6922,CVE-2016-6923,CVE-2016-6924,CVE-2016-6925,CVE-2016-6926,CVE-2016-6927,CVE-2016-6929,CVE-2016-6930,CVE-2016-6931,CVE-2016-6932
Sources used:
openSUSE 13.1 NonFree (src):    flash-player-11.2.202.635-171.1