openSUSE Security Update : flash-player (openSUSE-2017-71)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update to Adobe Flash 24.0.0.194 fixes the following
vulnerabilities advised under APSB17-02 :

- security bypass vulnerability that could lead to
information disclosure (CVE-2017-2938)

- use-after-free vulnerabilities that could lead to code
execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937)

- heap buffer overflow vulnerabilities that could lead to
code execution (CVE-2017-2927, CVE-2017-2933,
CVE-2017-2934, CVE-2017-2935)

- memory corruption vulnerabilities that could lead to
code execution (CVE-2017-2925, CVE-2017-2926,
CVE-2017-2928, CVE-2017-2930, CVE-2017-2931)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1019129

Solution :

Update the affected flash-player packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now