SUSE-SU-2016:3148-1

Security update to 24.0.0.186 (bsc#1015379) APSB16-39:
- These updates resolve use-after-free vulnerabilities that could have lead to code execution (CVE-2016-7872, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7892).
- These updates resolve buffer overflow vulnerabilities that could have lead to code execution (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870).
- These updates resolve memory corruption vulnerabilities that could have lead to code execution (CVE-2016-7871, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876).
- These updates resolve a security bypass vulnerability (CVE-2016-7890).
Keep standalone flashplayer at version 11, no newer version exists (INSECURE!).
Update EULA to version 24.0.

References

Affected packages

Name: flash-player
Purl: pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.0.0.186-152.1

{
    "binaries": [
        {
            "flash-player": "24.0.0.186-152.1",
            "flash-player-gnome": "24.0.0.186-152.1"
        }
    ]
}

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3148-1.json"

Name: flash-player
Purl: pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.0.0.186-152.1

{
    "binaries": [
        {
            "flash-player": "24.0.0.186-152.1",
            "flash-player-gnome": "24.0.0.186-152.1"
        }
    ]
}

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3148-1.json"