Security update for flash-player
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2017:0990-1
Final
1
1
2017-04-12T11:53:51Z
current
2017-04-12T11:53:51Z
2017-04-12T11:53:51Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for flash-player
Adobe flash-player was updated to 25.0.0.148 to fix the following issues:
- Vulnerabilities fixed as advised under APSB17-10:
* Use-after-free vulnerabilities that could lead to code execution
(CVE-2017-3058, CVE-2017-3059, CVE-2017-3062, CVE-2017-3063).
* Resolve memory corruption vulnerabilities that could lead to code
execution (CVE-2017-3060, CVE-2017-3061, CVE-2017-3064).
- Details:
https://helpx.adobe.com/security/products/flash-player/apsb17-10.html
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-DESKTOP-12-SP1-2017-576,SUSE-SLE-WE-12-SP1-2017-576
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2017/suse-su-20170990-1/
Link for SUSE-SU-2017:0990-1
https://lists.suse.com/pipermail/sle-security-updates/2017-April/002794.html
E-Mail link for SUSE-SU-2017:0990-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1033619
SUSE Bug 1033619
https://www.suse.com/security/cve/CVE-2017-3058/
SUSE CVE CVE-2017-3058 page
https://www.suse.com/security/cve/CVE-2017-3059/
SUSE CVE CVE-2017-3059 page
https://www.suse.com/security/cve/CVE-2017-3060/
SUSE CVE CVE-2017-3060 page
https://www.suse.com/security/cve/CVE-2017-3061/
SUSE CVE CVE-2017-3061 page
https://www.suse.com/security/cve/CVE-2017-3062/
SUSE CVE CVE-2017-3062 page
https://www.suse.com/security/cve/CVE-2017-3063/
SUSE CVE CVE-2017-3063 page
https://www.suse.com/security/cve/CVE-2017-3064/
SUSE CVE CVE-2017-3064 page
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP1
flash-player-25.0.0.148-165.1
flash-player-gnome-25.0.0.148-165.1
flash-player-25.0.0.148-165.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
flash-player-gnome-25.0.0.148-165.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
flash-player-25.0.0.148-165.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP1
flash-player-gnome-25.0.0.148-165.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP1
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3058
SUSE Linux Enterprise Desktop 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-25.0.0.148-165.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20170990-1/
https://www.suse.com/security/cve/CVE-2017-3058.html
CVE-2017-3058
https://bugzilla.suse.com/1033619
SUSE Bug 1033619
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3059
SUSE Linux Enterprise Desktop 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-25.0.0.148-165.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20170990-1/
https://www.suse.com/security/cve/CVE-2017-3059.html
CVE-2017-3059
https://bugzilla.suse.com/1033619
SUSE Bug 1033619
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3060
SUSE Linux Enterprise Desktop 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-25.0.0.148-165.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20170990-1/
https://www.suse.com/security/cve/CVE-2017-3060.html
CVE-2017-3060
https://bugzilla.suse.com/1033619
SUSE Bug 1033619
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3061
SUSE Linux Enterprise Desktop 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-25.0.0.148-165.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20170990-1/
https://www.suse.com/security/cve/CVE-2017-3061.html
CVE-2017-3061
https://bugzilla.suse.com/1033619
SUSE Bug 1033619
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3062
SUSE Linux Enterprise Desktop 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-25.0.0.148-165.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20170990-1/
https://www.suse.com/security/cve/CVE-2017-3062.html
CVE-2017-3062
https://bugzilla.suse.com/1033619
SUSE Bug 1033619
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3063
SUSE Linux Enterprise Desktop 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-25.0.0.148-165.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20170990-1/
https://www.suse.com/security/cve/CVE-2017-3063.html
CVE-2017-3063
https://bugzilla.suse.com/1033619
SUSE Bug 1033619
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3064
SUSE Linux Enterprise Desktop 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-25.0.0.148-165.1
SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-25.0.0.148-165.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20170990-1/
https://www.suse.com/security/cve/CVE-2017-3064.html
CVE-2017-3064
https://bugzilla.suse.com/1033619
SUSE Bug 1033619