SuSE 11.3 Security Update : flash-player (SAT Patch Number 10615)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

Adobe Flash Player was updated to version 11.2.202.457 to fix several
security issues that could have lead to remote code execution.

An exploit for CVE-2015-3043 was reported to exist in the wild.

The following vulnerabilities have been fixed :

- Memory corruption vulnerabilities that could have lead
to code execution. (CVE-2015-0347 / CVE-2015-0350 /
CVE-2015-0352 / CVE-2015-0353 / CVE-2015-0354 /
CVE-2015-0355 / CVE-2015-0360 / CVE-2015-3038 /
CVE-2015-3041 / CVE-2015-3042 / CVE-2015-3043)

- Type confusion vulnerability that could have lead to
code execution. (CVE-2015-0356)

- Buffer overflow vulnerability that could have lead to
code execution. (CVE-2015-0348)

- Use-after-free vulnerabilities that could have lead to
code execution. (CVE-2015-0349 / CVE-2015-0351 /
CVE-2015-0358 / CVE-2015-3039)

- Double-free vulnerabilities that could have lead to code
execution. (CVE-2015-0346 / CVE-2015-0359)

- Memory leak vulnerabilities that could have been used to
bypass ASLR. (CVE-2015-0357 / CVE-2015-3040)

- Security bypass vulnerability that could have lead to
information disclosure. (CVE-2015-3044)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=927089
http://support.novell.com/security/cve/CVE-2015-0346.html
http://support.novell.com/security/cve/CVE-2015-0347.html
http://support.novell.com/security/cve/CVE-2015-0348.html
http://support.novell.com/security/cve/CVE-2015-0349.html
http://support.novell.com/security/cve/CVE-2015-0350.html
http://support.novell.com/security/cve/CVE-2015-0351.html
http://support.novell.com/security/cve/CVE-2015-0352.html
http://support.novell.com/security/cve/CVE-2015-0353.html
http://support.novell.com/security/cve/CVE-2015-0354.html
http://support.novell.com/security/cve/CVE-2015-0355.html
http://support.novell.com/security/cve/CVE-2015-0356.html
http://support.novell.com/security/cve/CVE-2015-0357.html
http://support.novell.com/security/cve/CVE-2015-0358.html
http://support.novell.com/security/cve/CVE-2015-0359.html
http://support.novell.com/security/cve/CVE-2015-0360.html
http://support.novell.com/security/cve/CVE-2015-3038.html
http://support.novell.com/security/cve/CVE-2015-3039.html
http://support.novell.com/security/cve/CVE-2015-3040.html
http://support.novell.com/security/cve/CVE-2015-3041.html
http://support.novell.com/security/cve/CVE-2015-3042.html
http://support.novell.com/security/cve/CVE-2015-3043.html
http://support.novell.com/security/cve/CVE-2015-3044.html

Solution :

Apply SAT patch number 10615.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true