SuSE 11.3 Security Update : flash-player (SAT Patch Number 9958)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

flash-player was updated to version 11.2.202.418 to fix 18 security
issues :

- Memory corruption vulnerabilities that could lead to
code execution. (CVE-2014-0576 / CVE-2014-0581 /
CVE-2014-8440 / CVE-2014-8441)

- Use-after-free vulnerabilities that could lead to code
execution. (CVE-2014-0573 / CVE-2014-0588 /
CVE-2014-8438)

- A double free vulnerability that could lead to code
execution. (CVE-2014-0574)

- Type confusion vulnerabilities that could lead to code
execution. (CVE-2014-0577 / CVE-2014-0584 /
CVE-2014-0585 / CVE-2014-0586 / CVE-2014-0590)

- Heap buffer overflow vulnerabilities that could lead to
code execution. (CVE-2014-0582 / CVE-2014-0589)

- An information disclosure vulnerability that could be
exploited to disclose session tokens. (CVE-2014-8437)

- A heap buffer overflow vulnerability that could be
exploited to perform privilege escalation from low to
medium integrity level. (CVE-2014-0583)

- A permission issue that could be exploited to perform
privilege escalation from low to medium integrity level
(CVE-2014-8442). Further information can be found at
http://helpx.adobe.com/security/products/flash-player/ap
sb14-24.html .

See also :

https://bugzilla.novell.com/show_bug.cgi?id=905032
http://support.novell.com/security/cve/CVE-2014-0573.html
http://support.novell.com/security/cve/CVE-2014-0574.html
http://support.novell.com/security/cve/CVE-2014-0576.html
http://support.novell.com/security/cve/CVE-2014-0577.html
http://support.novell.com/security/cve/CVE-2014-0581.html
http://support.novell.com/security/cve/CVE-2014-0582.html
http://support.novell.com/security/cve/CVE-2014-0583.html
http://support.novell.com/security/cve/CVE-2014-0584.html
http://support.novell.com/security/cve/CVE-2014-0585.html
http://support.novell.com/security/cve/CVE-2014-0586.html
http://support.novell.com/security/cve/CVE-2014-0588.html
http://support.novell.com/security/cve/CVE-2014-0589.html
http://support.novell.com/security/cve/CVE-2014-0590.html
http://support.novell.com/security/cve/CVE-2014-8437.html
http://support.novell.com/security/cve/CVE-2014-8438.html
http://support.novell.com/security/cve/CVE-2014-8440.html
http://support.novell.com/security/cve/CVE-2014-8441.html
http://support.novell.com/security/cve/CVE-2014-8442.html

Solution :

Apply SAT patch number 9958.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now