openSUSE Security Update : flash-player (openSUSE-SU-2011:1060-1)
High Nessus Plugin ID 75838
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update resolves a universal cross-site scripting issue that could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444).
Note: There are reports that this issue is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.
This update resolves an AVM stack overflow issue that may allow for remote code execution. (CVE-2011-2426).
This update resolves an AVM stack overflow issue that may lead to denial of service and code execution. (CVE-2011-2427).
This update resolves a logic error issue which causes a browser crash and may lead to code execution. (CVE-2011- 2428).
This update resolves a Flash Player security control bypass which could allow information disclosure. (CVE-2011-2429).
This update resolves a streaming media logic error vulnerability which could lead to code execution. (CVE-2011-2430).
SolutionUpdate the affected flash-player package.