SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1064-1)

Critical Nessus Plugin ID 84207

Synopsis

The remote SUSE host is missing one or more security updates.

Description

Adobe Flash Player was updated to 11.2.202.466 to fix multiple security issues.

The following vulnerabilities were fixed :

CVE-2015-3096: bypass for CVE-2014-5333

CVE-2015-3098: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure

CVE-2015-3099: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure

CVE-2015-3100: stack overflow vulnerability that could lead to code execution

CVE-2015-3102: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure

CVE-2015-3103: use-after-free vulnerabilities that could lead to code execution

CVE-2015-3104: integer overflow vulnerability that could lead to code execution

CVE-2015-3105: memory corruption vulnerability that could lead to code execution

CVE-2015-3106: use-after-free vulnerabilities that could lead to code execution

CVE-2015-3107: use-after-free vulnerabilities that could lead to code execution

CVE-2015-3108: memory leak vulnerability that could be used to bypass ASLR

More information can be found on: <a href='https://helpx.adobe.com/security/products/flash-player/apsb15-11 .html'>https://helpx.adobe.com/security/products/flash-player/apsb15-1 1.html</a>

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Desktop 11 SP3 :

zypper in -t patch sledsp3-flash-player=10762

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=934088

http://www.nessus.org/u?a3593910

https://helpx.adobe.com/security/products/flash-player/apsb15-11.html

https://www.suse.com/security/cve/CVE-2015-3096/

https://www.suse.com/security/cve/CVE-2015-3098/

https://www.suse.com/security/cve/CVE-2015-3099/

https://www.suse.com/security/cve/CVE-2015-3100/

https://www.suse.com/security/cve/CVE-2015-3102/

https://www.suse.com/security/cve/CVE-2015-3103/

https://www.suse.com/security/cve/CVE-2015-3106/

https://www.suse.com/security/cve/CVE-2015-3107/

https://www.suse.com/security/cve/CVE-2015-3108/

http://www.nessus.org/u?27ba6106

Plugin Details

Severity: Critical

ID: 84207

File Name: suse_SU-2015-1064-1.nasl

Version: 2.20

Type: local

Agent: unix

Published: 2015/06/16

Updated: 2019/09/11

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:flash-player, p-cpe:/a:novell:suse_linux:flash-player-gnome, p-cpe:/a:novell:suse_linux:flash-player-kde4, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/06/15

Vulnerability Publication Date: 2014/08/19

Exploitable With

Core Impact

Metasploit (Adobe Flash Player Drawing Fill Shader Memory Corruption)

Reference Information

CVE: CVE-2014-5333, CVE-2015-3096, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108

BID: 69320, 75080, 75081, 75084, 75085, 75086, 75087, 75088