Bug 935701 - (CVE-2015-3113) VUL-0: CVE-2015-3113: flash-player: 11.2.202.468 release
(CVE-2015-3113)
VUL-0: CVE-2015-3113: flash-player: 11.2.202.468 release
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:sle11-sp3:62105
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-06-23 06:33 UTC by Marcus Meissner
Modified: 2015-07-03 09:05 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2015-06-23 06:33:34 UTC
flash player 11.2.202.468  is being released today.
Comment 1 Swamp Workflow Management 2015-06-23 09:47:52 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-07-07.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62090
Comment 2 Marcus Meissner 2015-06-23 15:52:52 UTC
CVE-2015-3113

https://helpx.adobe.com/security/products/flash-player/apsb15-14.html

Release date: June 23, 2015

Vulnerability identifier: APSB15-14

Priority: See table below

CVE number: CVE-2015-3113

Platform: Windows, Macintosh and Linux
Summary

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.

...

These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2015-3113).
Comment 3 Stanislav Brabec 2015-06-23 16:14:34 UTC
openSUSE:Factory:NonFree: 
Result of change request state: ok">
  <summary>Ok</summary>
</status>

openSUSE:Factory:NonFree 
(forwarded request 313305 from sbrabec)
New request # 313306
openSUSE:Maintenance: Using target project 'openSUSE:Maintenance'
313307
SUSE:SLE-12:Update: Using target project 'SUSE:Maintenance'
60934
SUSE:SLE-11-SP1:Update:Test: created request id 60936

Report created by 6-flash-player-update-submit-all.sh.
Comment 4 Marcus Meissner 2015-06-24 09:19:31 UTC
(We either remember to also release this for SLED 11 SP4, or we just wait until the next round where it get included automatically. No action required.)
Comment 5 Swamp Workflow Management 2015-06-24 20:06:12 UTC
SUSE-SU-2015:1137-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 935701
CVE References: CVE-2015-3113
Sources used:
SUSE Linux Enterprise Desktop 11 SP3 (src):    flash-player-11.2.202.468-0.7.1
Comment 6 Andreas Stieger 2015-06-26 07:51:30 UTC
releasing for openSUSE
Comment 7 Swamp Workflow Management 2015-06-26 08:05:50 UTC
openSUSE-SU-2015:1148-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 935701
CVE References: CVE-2015-3113
Sources used:
Comment 8 Swamp Workflow Management 2015-07-03 09:05:28 UTC
openSUSE-SU-2015:1180-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 935701
CVE References: CVE-2015-3113
Sources used: