Bug 1038281 - (CVE-2017-3068) VUL-0: flash-player: may 09 2017 release (ABSP17-15)
VUL-0: flash-player: may 09 2017 release (ABSP17-15)
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P2 - High : Major
: ---
Assigned To: Stanislav Brabec
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2017-05-09 15:21 UTC by Marcus Meissner
Modified: 2017-06-08 13:29 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-05-09 15:21:35 UTC

Security updates available for Adobe Flash Player

Release date: May 9, 2017

Vulnerability identifier: APSB17-15

Priority: See table below

CVE number: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074 

Platform: Windows, Macintosh, Linux and Chrome OS

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  
Affected  versions


Vulnerability Details

    These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2017-3071). 
    These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074).


Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

    Jihui Lu of Tencent KeenLab (CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074) 
    Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero (CVE-2017-3068)
Comment 2 Swamp Workflow Management 2017-05-10 22:11:25 UTC
SUSE-SU-2017:1238-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1038281
CVE References: CVE-2017-3068,CVE-2017-3069,CVE-2017-3070,CVE-2017-3071,CVE-2017-3072,CVE-2017-3073,CVE-2017-3074
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    flash-player-
SUSE Linux Enterprise Desktop 12-SP1 (src):    flash-player-
Comment 3 Marcus Meissner 2017-05-15 13:04:13 UTC