Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.2715
SUSE Security Update: Security update for flash-player
14 November 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Adobe Flash Player
Publisher: Adobe
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2016-7865 CVE-2016-7864 CVE-2016-7863
CVE-2016-7862 CVE-2016-7861 CVE-2016-7860
CVE-2016-7859 CVE-2016-7858 CVE-2016-7857
Reference: ESB-2016.2689
ESB-2016.2681
ESB-2016.2680
Original Bulletin:
https://www.suse.com/support/update/announcement/2016/suse-su-20162778-1.html
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2778-1
Rating: important
References: #1009217
Cross-References: CVE-2016-7857 CVE-2016-7858 CVE-2016-7859
CVE-2016-7860 CVE-2016-7861 CVE-2016-7862
CVE-2016-7863 CVE-2016-7864 CVE-2016-7865
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update to Adobe Flash Player 11.2.202.644 fixes the following
security issues:
- type confusion vulnerabilities that could lead to code execution
(CVE-2016-7860, CVE-2016-7861, CVE-2016-7865)
- use-after-free vulnerabilities that could lead to code execution
(CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7862,
CVE-2016-7863, CVE-2016-7864)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP1:
zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1643=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1643=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
flash-player-11.2.202.644-149.1
flash-player-gnome-11.2.202.644-149.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
flash-player-11.2.202.644-149.1
flash-player-gnome-11.2.202.644-149.1
References:
https://www.suse.com/security/cve/CVE-2016-7857.html
https://www.suse.com/security/cve/CVE-2016-7858.html
https://www.suse.com/security/cve/CVE-2016-7859.html
https://www.suse.com/security/cve/CVE-2016-7860.html
https://www.suse.com/security/cve/CVE-2016-7861.html
https://www.suse.com/security/cve/CVE-2016-7862.html
https://www.suse.com/security/cve/CVE-2016-7863.html
https://www.suse.com/security/cve/CVE-2016-7864.html
https://www.suse.com/security/cve/CVE-2016-7865.html
https://bugzilla.suse.com/1009217
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWCkyfIx+lLeg9Ub1AQiS2RAAlMPi14yeaopVSfe14p5oIGj0urHweP86
I2g9Z9hxWHYPO0+yKi6nFC2882Bf+iLDt1DvgbYT3ruDYoavq/GOAYIQKMrPf8lK
3aQWVGj7gRfof4dhxoOXRi8ox/WhUiHyDuK4WLG0tTJ/3HIJMd1XnR9eDh7lbms3
sQAKAhQyjQZryEKGE9C4A6r5Q9SFccr0oa1luLB1Yw8XqYLYEtEuie1RFgg0khE0
6ayQUc52iNG0GabxKIb7WPY+ltLW+GvcJSZPHLoDFK/oYuTI4tMWgWnGu0r/Mzje
MhkNyFAjXYmvwsWyLamAqi30sGCcPhK6IyNs4Jub+VfqhyDoJL+CHjOZEJCzBklJ
dnv5QhYEAwe0Zez4E8+Ri+EhGYKvmhMDzFCd5ACheGPKeQpzB2WhVIAsd35t+/aP
RaTJlgD3G68MTPXzmJSXBgkR1B2eW0mTq4HPAKURSBYi74i/73QbIsyYq/PWejHb
3ztIl9oUy9V4o39g9SHbp54oOULIrmJ6OrXRunjeS6LEiamJt0JEttsDvCq+rj2S
w9nt3d8ICZUp8dW8gX6Ugv049fWA5bfFXy/aOYSPBJSmM/iWivKjtQZa8ItYB3Zf
Nn8cHGJYAGd2ANTLwDRMhRvTYIBCdYvQzA9zRMNcRMpXlAAz1k9Nb5dkkUJaN0P7
PqkTtrEaPa8=
=/ZVN
-----END PGP SIGNATURE-----