Bugzilla – Bug 711427
VUL-0: Flash player 10.3.188.5 is available
Last modified: 2011-09-23 07:00:26 UTC
http://www.adobe.com/support/security/bulletins/apsb11-21.html Critical vulnerabilities have been identified in Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.25 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.183.5. Users of Adobe Flash Player for Android 10.3.185.25 and earlier versions should update to Adobe Flash Player for Android 10.3.186.3. Users of Adobe AIR 2.7 for Windows and Macintosh, should update to 2.7.1 and users of AIR 2.7 for Android should update to Adobe AIR 2.7.1.1961. Note: Adobe is not aware of any exploits 'in the wild' for the issues addressed in this update. This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2130). This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2134). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2135). This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2011-2136). This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2137). This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2011-2138). This update resolves a cross-site information disclosure vulnerability that could lead to code execution (CVE-2011-2139). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2140). This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2414). This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2415). This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2011-2416). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2417). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2425).
The SWAMPID for this issue is 42574. This issue was rated as critical. Please submit fixed packages until 2011-08-12. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Update released for: flash-player, flash-player-gnome, flash-player-kde4 Products: openSUSE 11.3 (i586) openSUSE 11.4 (i586)
done
http://www.heise.de/newsticker/meldung/Sicherheitsspezialist-Adobe-unterschlaegt-hunderte-Luecken-im-Flash-Player-Update-1321641.html http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_09.html
Update released for: flash-player Products: SLE-DESKTOP 10-SP4 (i386, x86_64)
Update released for: flash-player, flash-player-gnome, flash-player-kde4 Products: SLE-DESKTOP 11-SP1 (i386, x86_64)
This is an autogenerated message for OBS integration: This bug (711427) was mentioned in https://build.opensuse.org/request/show/84547 Evergreen:11.1 / flash-player
This is an autogenerated message for OBS integration: This bug (711427) was mentioned in https://build.opensuse.org/request/show/84548 Evergreen:11.1 / flash-player