Bug 998589 - VUL-0: flash-player: version update 11.2.202.635
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P5 - None : Normal
Assigned To: Security Team bot
CVSSv2:SUSE:CVE-2016-4237:6.8:(AV:N/A...
Reported: 2016-09-13 11:52 UTC by Stanislav Brabec
Modified: 2016-10-11 22:21 UTC (History)
Description Stanislav Brabec 2016-09-13 11:52:19 UTC
Adobe just released Flash Player version 11.2.202.635 for Linux.

There is no security advisory available yet:
https://helpx.adobe.com/security.html#flashplayer
Comment 2 Andreas Stieger 2016-09-13 18:21:24 UTC
CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2016-4287). 
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932). 
These updates resolve security bypass vulnerabilities that could lead to information disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278). 
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924).
Comment 3 Bernhard Wiedemann 2016-09-13 20:00:44 UTC
This is an autogenerated message for OBS integration:
This bug (998589) was mentioned in
https://build.opensuse.org/request/show/427337 13.2:NonFree / flash-player
https://build.opensuse.org/request/show/427342 13.1:NonFree / flash-player
Comment 5 Swamp Workflow Management 2016-09-14 19:09:12 UTC
openSUSE-SU-2016:2308-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 977664,998589
CVE References: CVE-2016-4182,CVE-2016-4237,CVE-2016-4238,CVE-2016-4271,CVE-2016-4272,CVE-2016-4274,CVE-2016-4275,CVE-2016-4276,CVE-2016-4277,CVE-2016-4278,CVE-2016-4279,CVE-2016-4280,CVE-2016-4281,CVE-2016-4282,CVE-2016-4283,CVE-2016-4284,CVE-2016-4285,CVE-2016-4287,CVE-2016-6921,CVE-2016-6922,CVE-2016-6923,CVE-2016-6924,CVE-2016-6925,CVE-2016-6926,CVE-2016-6927,CVE-2016-6929,CVE-2016-6930,CVE-2016-6931,CVE-2016-6932
Sources used:
openSUSE 13.2 NonFree (src):    flash-player-11.2.202.635-2.108.1
Comment 6 Andreas Stieger 2016-09-15 09:18:20 UTC
all done
Comment 7 Swamp Workflow Management 2016-09-15 12:11:45 UTC
SUSE-SU-2016:2312-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 998589
CVE References: CVE-2016-4182,CVE-2016-4237,CVE-2016-4238,CVE-2016-4271,CVE-2016-4272,CVE-2016-4274,CVE-2016-4275,CVE-2016-4276,CVE-2016-4277,CVE-2016-4278,CVE-2016-4279,CVE-2016-4280,CVE-2016-4281,CVE-2016-4282,CVE-2016-4283,CVE-2016-4284,CVE-2016-4285,CVE-2016-4287,CVE-2016-6921,CVE-2016-6922,CVE-2016-6923,CVE-2016-6924,CVE-2016-6925,CVE-2016-6926,CVE-2016-6927,CVE-2016-6929,CVE-2016-6930,CVE-2016-6931,CVE-2016-6932
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    flash-player-11.2.202.635-140.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    flash-player-11.2.202.635-140.1
Comment 8 Swamp Workflow Management 2016-09-25 10:11:03 UTC
openSUSE-SU-2016:2376-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 977664,998589
CVE References: CVE-2016-4182,CVE-2016-4237,CVE-2016-4238,CVE-2016-4271,CVE-2016-4272,CVE-2016-4274,CVE-2016-4275,CVE-2016-4276,CVE-2016-4277,CVE-2016-4278,CVE-2016-4279,CVE-2016-4280,CVE-2016-4281,CVE-2016-4282,CVE-2016-4283,CVE-2016-4284,CVE-2016-4285,CVE-2016-4287,CVE-2016-6921,CVE-2016-6922,CVE-2016-6923,CVE-2016-6924,CVE-2016-6925,CVE-2016-6926,CVE-2016-6927,CVE-2016-6929,CVE-2016-6930,CVE-2016-6931,CVE-2016-6932
Sources used:
openSUSE 13.1 NonFree (src):    flash-player-11.2.202.635-171.1