Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.1552
SUSE Security Update: Security update for flash-player
20 June 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: flash-player
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2016-4171 CVE-2016-4166 CVE-2016-4156
CVE-2016-4155 CVE-2016-4154 CVE-2016-4153
CVE-2016-4152 CVE-2016-4151 CVE-2016-4150
CVE-2016-4149 CVE-2016-4148 CVE-2016-4147
CVE-2016-4146 CVE-2016-4145 CVE-2016-4144
CVE-2016-4143 CVE-2016-4142 CVE-2016-4141
CVE-2016-4140 CVE-2016-4139 CVE-2016-4138
CVE-2016-4137 CVE-2016-4136 CVE-2016-4135
CVE-2016-4134 CVE-2016-4133 CVE-2016-4132
CVE-2016-4131 CVE-2016-4130 CVE-2016-4129
CVE-2016-4128 CVE-2016-4127 CVE-2016-4125
CVE-2016-4124 CVE-2016-4123 CVE-2016-4122
Reference: ESB-2016.1532
ESB-2016.1507
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:1613-1
Rating: critical
References: #984695
Cross-References: CVE-2016-4122 CVE-2016-4123 CVE-2016-4124
CVE-2016-4125 CVE-2016-4127 CVE-2016-4128
CVE-2016-4129 CVE-2016-4130 CVE-2016-4131
CVE-2016-4132 CVE-2016-4133 CVE-2016-4134
CVE-2016-4135 CVE-2016-4136 CVE-2016-4137
CVE-2016-4138 CVE-2016-4139 CVE-2016-4140
CVE-2016-4141 CVE-2016-4142 CVE-2016-4143
CVE-2016-4144 CVE-2016-4145 CVE-2016-4146
CVE-2016-4147 CVE-2016-4148 CVE-2016-4149
CVE-2016-4150 CVE-2016-4151 CVE-2016-4152
CVE-2016-4153 CVE-2016-4154 CVE-2016-4155
CVE-2016-4156 CVE-2016-4166 CVE-2016-4171
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP1
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Desktop 12-SP1
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________
An update that fixes 36 vulnerabilities is now available.
Description:
Adobe flash-player was updated to 11.2.202.626 to fix the following
security issues:
Security update to 11.2.202.626 (boo#984695):
* APSB16-18, CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125,
CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130,
CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134,
CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138,
CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142,
CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146,
CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150,
CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154,
CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171
Please see
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html for
more information.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP1:
zypper in -t patch SUSE-SLE-WE-12-SP1-2016-960=1
- SUSE Linux Enterprise Workstation Extension 12:
zypper in -t patch SUSE-SLE-WE-12-2016-960=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-960=1
- SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2016-960=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
flash-player-11.2.202.626-133.1
flash-player-gnome-11.2.202.626-133.1
- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
flash-player-11.2.202.626-133.1
flash-player-gnome-11.2.202.626-133.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
flash-player-11.2.202.626-133.1
flash-player-gnome-11.2.202.626-133.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
flash-player-11.2.202.626-133.1
flash-player-gnome-11.2.202.626-133.1
References:
https://www.suse.com/security/cve/CVE-2016-4122.html
https://www.suse.com/security/cve/CVE-2016-4123.html
https://www.suse.com/security/cve/CVE-2016-4124.html
https://www.suse.com/security/cve/CVE-2016-4125.html
https://www.suse.com/security/cve/CVE-2016-4127.html
https://www.suse.com/security/cve/CVE-2016-4128.html
https://www.suse.com/security/cve/CVE-2016-4129.html
https://www.suse.com/security/cve/CVE-2016-4130.html
https://www.suse.com/security/cve/CVE-2016-4131.html
https://www.suse.com/security/cve/CVE-2016-4132.html
https://www.suse.com/security/cve/CVE-2016-4133.html
https://www.suse.com/security/cve/CVE-2016-4134.html
https://www.suse.com/security/cve/CVE-2016-4135.html
https://www.suse.com/security/cve/CVE-2016-4136.html
https://www.suse.com/security/cve/CVE-2016-4137.html
https://www.suse.com/security/cve/CVE-2016-4138.html
https://www.suse.com/security/cve/CVE-2016-4139.html
https://www.suse.com/security/cve/CVE-2016-4140.html
https://www.suse.com/security/cve/CVE-2016-4141.html
https://www.suse.com/security/cve/CVE-2016-4142.html
https://www.suse.com/security/cve/CVE-2016-4143.html
https://www.suse.com/security/cve/CVE-2016-4144.html
https://www.suse.com/security/cve/CVE-2016-4145.html
https://www.suse.com/security/cve/CVE-2016-4146.html
https://www.suse.com/security/cve/CVE-2016-4147.html
https://www.suse.com/security/cve/CVE-2016-4148.html
https://www.suse.com/security/cve/CVE-2016-4149.html
https://www.suse.com/security/cve/CVE-2016-4150.html
https://www.suse.com/security/cve/CVE-2016-4151.html
https://www.suse.com/security/cve/CVE-2016-4152.html
https://www.suse.com/security/cve/CVE-2016-4153.html
https://www.suse.com/security/cve/CVE-2016-4154.html
https://www.suse.com/security/cve/CVE-2016-4155.html
https://www.suse.com/security/cve/CVE-2016-4156.html
https://www.suse.com/security/cve/CVE-2016-4166.html
https://www.suse.com/security/cve/CVE-2016-4171.html
https://bugzilla.suse.com/984695
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBV2dX3Yx+lLeg9Ub1AQiNDg//aYEGmv0hsZnf+rIS+nvso6v5pyJ1Csl7
hGe2PWNwRpMIOAe/8wZ1nt8cuirDvcxBszw/duito47w+HeaSf0t7sfG/DFElS8O
5E6237zJNHe0/rEvXR7V+hRWrJ0kPdzDxBm9D42SxHd0jY5yAck7oV2x4dO59Slr
1ntuLMWVsNhUBIWg7BxkDgbEn+prgQ5k1NNFgD2SB8NoOOzrvBHtDK7X5bMmmPiQ
DRDud/ZauZ5M7DifReJOJHcN83eX7rdjgeT6YdLtyNyrbR3djbnmHglESWq5bjn6
IbaVoSh3KyvI8KIVOSylkaVSdUFtOVgLRy8LdYHEFSxMOShzcOtaw2nhmJMhRu83
qoDjLIckksBgsxo++Xj0WKFlVmekbMarTWYwHmx2LAPhyKvDUb2iQOFVh0uj2ivX
w7ae8UNmZSjet7TWQMxLHMoqlAxUwWqKVge4XaDbzKBB7jZ4taVggkIsOMdmrjQM
lNmKLoeQ7Y5bR/UOBegZM0b+6OT6u4EiPNg1HMVPVGj96vvVtzt7sST0cJGIOdWL
ZodADc2GfMVC6nX1s4gV/wJfsEo4gxSOIab23i5SyCeN52aBqd6mELKlMrGlvh1m
dghgCigRpkjlpCB82eTNZaRZizpfc7OpQ9QC9ZJ4Jc4/liITGwgqmzMwJ7lWPdLh
6qgabBY4Hbw=
=ZoQD
-----END PGP SIGNATURE-----