SUSE-SU-2016:2512-1

CVE-2016-6992: A type confusion vulnerability that could lead to code execution. CVE-2016-6981, CVE-2016-6987: use-after-free vulnerabilities that could lead to code execution CVE-2016-4286: Security bypass vulnerability CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, CVE-2016-6990: Memory corruption vulnerabilities that could lead to code execution

Also the EULA was updated to version 23.0 (bsc#1003993).

References

Affected packages

SUSE:Linux Enterprise Desktop 12 SP1 / flash-player

Package

Name: flash-player
Purl: pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.2.202.637-143.1

Ecosystem specific

{
    "binaries": [
        {
            "flash-player": "11.2.202.637-143.1",
            "flash-player-gnome": "11.2.202.637-143.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:2512-1.json"

SUSE:Linux Enterprise Workstation Extension 12 SP1 / flash-player

Package

Name: flash-player
Purl: pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.2.202.637-143.1

Ecosystem specific

{
    "binaries": [
        {
            "flash-player": "11.2.202.637-143.1",
            "flash-player-gnome": "11.2.202.637-143.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:2512-1.json"