Articles / SuSE: New flash-player pack…

SuSE: New flash-player packages fix remote denial of service

This update of the Adobe Flash player resolves multiple buffer overflow, integer overflow, and memory corruption vulnerabilities that could lead to code execution. Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0894-1
Rating:             critical
References:         #711427 
Cross-References:   CVE-2011-2130 CVE-2011-2134 CVE-2011-2135
                   CVE-2011-2136 CVE-2011-2137 CVE-2011-2138
                   CVE-2011-2139 CVE-2011-2140 CVE-2011-2414
                   CVE-2011-2415 CVE-2011-2416 CVE-2011-2417
                   CVE-2011-2425
Affected Products:
                   SUSE Linux Enterprise Desktop 11 SP1
                   SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

  An update that fixes 13 vulnerabilities is now available.
  It includes one version update.

Description:


  The update to Flash-Player 10.3.188.5 fixes various
  security issues:

  * CVE-2011-2130: CVSS v2 Base Score: 6.8
  (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  * CVE-2011-2134: CVSS v2 Base Score: 6.8
  (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  * CVE-2011-2135: CVSS v2 Base Score: 6.8
  (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  * CVE-2011-2136: CVSS v2 Base Score: 6.8
  (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  * CVE-2011-2137: CVSS v2 Base Score: 6.8
  (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  * CVE-2011-2138: CVSS v2 Base Score: 6.8
  (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  * CVE-2011-2139: CVSS v2 Base Score: 6.8
  (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  * CVE-2011-2140: CVSS v2 Base Score: 6.8
  (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  * CVE-2011-2414: CVSS v2 Base Score: 6.8
  (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  * CVE-2011-2415: CVSS v2 Base Score: 6.8
  (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  * CVE-2011-2416: CVSS v2 Base Score: 6.8
  (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  * CVE-2011-2417: CVSS v2 Base Score: 6.8
  (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  * CVE-2011-2425: CVSS v2 Base Score: 6.8
  (AV:N/AC:M/Au:N/C:P/I:P/A:P)

  This update resolves a buffer overflow vulnerability that
  could lead to  code execution (CVE-2011-2130).

  This update resolves a buffer overflow vulnerability that
  could lead to  code execution (CVE-2011-2134).

  This update resolves a memory corruption vulnerability that
  could lead to  code execution (CVE-2011-2135).

  This update resolves an integer overflow vulnerability that
  could lead to  code execution (CVE-2011-2136).

  This update resolves a buffer overflow vulnerability that
  could lead to  code execution (CVE-2011-2137).

  This update resolves an integer overflow vulnerability that
  could lead to  code execution (CVE-2011-2138).

  This update resolves a cross-site information disclosure
  vulnerability that  could lead to code execution
  (CVE-2011-2139).

  This update resolves a memory corruption vulnerability that
  could lead to  code execution (CVE-2011-2140).

  This update resolves a buffer overflow vulnerability that
  could lead to  code execution (CVE-2011-2414).

  This update resolves a buffer overflow vulnerability that
  could lead to  code execution (CVE-2011-2415).

  This update resolves an integer overflow vulnerability that
  could lead to  code execution (CVE-2011-2416).

  This update resolves a memory corruption vulnerability that
  could lead to  code execution (CVE-2011-2417).

  This update resolves a memory corruption vulnerability that
  could lead to  code execution (CVE-2011-2425).

  Security Issue references:

  * CVE-2011-2130
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2130

  * CVE-2011-2134
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2134

  * CVE-2011-2135
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2135

  * CVE-2011-2136
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2136

  * CVE-2011-2137
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2137

  * CVE-2011-2138
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2138

  * CVE-2011-2139
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2139

  * CVE-2011-2140
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2140

  * CVE-2011-2414
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2414

  * CVE-2011-2415
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2415

  * CVE-2011-2416
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2416

  * CVE-2011-2417
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2417

  * CVE-2011-2425
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2425


Indications:

  Please update.

Patch Instructions:

  To install this SUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Desktop 11 SP1:

     zypper in -t patch sledsp1-flash-player-4973

  To bring your system up-to-date, use "zypper patch".


Package List:

  - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 10.3.183.5]:

     flash-player-10.3.183.5-0.2.1

  - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 10.3.183.5]:

     flash-player-10.3.183.5-0.5.1


References:

  http://support.novell.com/security/cve/CVE-2011-2130.html
  http://support.novell.com/security/cve/CVE-2011-2134.html
  http://support.novell.com/security/cve/CVE-2011-2135.html
  http://support.novell.com/security/cve/CVE-2011-2136.html
  http://support.novell.com/security/cve/CVE-2011-2137.html
  http://support.novell.com/security/cve/CVE-2011-2138.html
  http://support.novell.com/security/cve/CVE-2011-2139.html
  http://support.novell.com/security/cve/CVE-2011-2140.html
  http://support.novell.com/security/cve/CVE-2011-2414.html
  http://support.novell.com/security/cve/CVE-2011-2415.html
  http://support.novell.com/security/cve/CVE-2011-2416.html
  http://support.novell.com/security/cve/CVE-2011-2417.html
  http://support.novell.com/security/cve/CVE-2011-2425.html
  https://bugzilla.novell.com/711427
  http://download.novell.com/patch/finder/?keywords=377e091a105e9d540a2a90f09cff0a10
  http://download.novell.com/patch/finder/?keywords=7c71e4aec6afd72e6b40f8cf2817e900
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.