Security update for flash-playerqemu

Announcement ID:	SUSE-SU-2016:2512-1
Rating:	important
References:	bsc#1003993 bsc#1004019
Cross-References:	CVE-2016-4273 CVE-2016-4286 CVE-2016-6981 CVE-2016-6982 CVE-2016-6983 CVE-2016-6984 CVE-2016-6985 CVE-2016-6986 CVE-2016-6987 CVE-2016-6989 CVE-2016-6990 CVE-2016-6992
CVSS scores:	CVE-2016-4273 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-4273 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-4286 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-6981 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-6981 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6982 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-6982 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6983 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-6983 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6984 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-6984 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6985 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-6985 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6986 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-6986 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6987 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-6987 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6989 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-6989 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6990 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-6990 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6992 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-6992 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP1

An update that solves 12 vulnerabilities can now be installed.

Description:

flash-player was updated to version 11.2.202.637 to fix the following issues (bsc#1004019):

CVE-2016-6992: A type confusion vulnerability that could lead to code execution. CVE-2016-6981, CVE-2016-6987: use-after-free vulnerabilities that could lead to code execution CVE-2016-4286: Security bypass vulnerability CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, CVE-2016-6990: Memory corruption vulnerabilities that could lead to code execution

Also the EULA was updated to version 23.0 (bsc#1003993).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP1
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1468=1
• SUSE Linux Enterprise Workstation Extension 12 SP1
  zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1468=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP1 (nosrc x86_64)
  • flash-player-11.2.202.637-143.1
• SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
  • flash-player-gnome-11.2.202.637-143.1
• SUSE Linux Enterprise Workstation Extension 12 SP1 (nosrc x86_64)
  • flash-player-11.2.202.637-143.1
• SUSE Linux Enterprise Workstation Extension 12 SP1 (x86_64)
  • flash-player-gnome-11.2.202.637-143.1

References:

• https://www.suse.com/security/cve/CVE-2016-4273.html
• https://www.suse.com/security/cve/CVE-2016-4286.html
• https://www.suse.com/security/cve/CVE-2016-6981.html
• https://www.suse.com/security/cve/CVE-2016-6982.html
• https://www.suse.com/security/cve/CVE-2016-6983.html
• https://www.suse.com/security/cve/CVE-2016-6984.html
• https://www.suse.com/security/cve/CVE-2016-6985.html
• https://www.suse.com/security/cve/CVE-2016-6986.html
• https://www.suse.com/security/cve/CVE-2016-6987.html
• https://www.suse.com/security/cve/CVE-2016-6989.html
• https://www.suse.com/security/cve/CVE-2016-6990.html
• https://www.suse.com/security/cve/CVE-2016-6992.html
• https://bugzilla.suse.com/show_bug.cgi?id=1003993
• https://bugzilla.suse.com/show_bug.cgi?id=1004019