Bug 711427 - VUL-0: Flash player 10.3.188.5 is available
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
Priority: P2 - High, Severity: Critical
Assigned To: Security Team bot
. maint:released:sle10-sp4:42578 main...
Reported: 2011-08-10 07:38 UTC by Dirk Mueller
Modified: 2011-09-23 07:00 UTC (History)
Found By: Development
Description Dirk Mueller 2011-08-10 07:38:46 UTC
http://www.adobe.com/support/security/bulletins/apsb11-21.html

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.25 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.183.5. Users of Adobe Flash Player for Android 10.3.185.25 and earlier versions should update to Adobe Flash Player for Android 10.3.186.3. Users of Adobe AIR 2.7 for Windows and Macintosh should update to 2.7.1 and users of AIR 2.7 for Android should update to Adobe AIR 2.7.1.1961.

Note: Adobe is not aware of any exploits 'in the wild' for the issues addressed in this update.

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2130).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2134).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2135).

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2011-2136).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2137).

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2011-2138).

This update resolves a cross-site information disclosure vulnerability that could lead to code execution (CVE-2011-2139).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2140).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2414).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2415).

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2011-2416).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2417).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2425).
Comment 1 Swamp Workflow Management 2011-08-10 07:41:56 UTC
The SWAMPID for this issue is 42574.
This issue was rated as critical.
Please submit fixed packages until 2011-08-12.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 2 Swamp Workflow Management 2011-08-11 13:34:46 UTC
Update released for: flash-player, flash-player-gnome, flash-player-kde4
Products:
openSUSE 11.3 (i586)
openSUSE 11.4 (i586)
Comment 3 Thomas Biege 2011-08-11 13:35:24 UTC
done
Comment 5 Swamp Workflow Management 2011-08-11 22:31:54 UTC
Update released for: flash-player
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
Comment 6 Swamp Workflow Management 2011-08-11 23:03:58 UTC
Update released for: flash-player, flash-player-gnome, flash-player-kde4
Products:
SLE-DESKTOP 11-SP1 (i386, x86_64)
Comment 7 Bernhard Wiedemann 2011-09-23 05:00:31 UTC
This is an autogenerated message for OBS integration:
This bug (711427) was mentioned in
https://build.opensuse.org/request/show/84547 Evergreen:11.1 / flash-player
Comment 8 Bernhard Wiedemann 2011-09-23 07:00:26 UTC
This is an autogenerated message for OBS integration:
This bug (711427) was mentioned in
https://build.opensuse.org/request/show/84548 Evergreen:11.1 / flash-player