Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.1552 SUSE Security Update: Security update for flash-player 20 June 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: flash-player Publisher: SUSE Operating System: SUSE Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2016-4171 CVE-2016-4166 CVE-2016-4156 CVE-2016-4155 CVE-2016-4154 CVE-2016-4153 CVE-2016-4152 CVE-2016-4151 CVE-2016-4150 CVE-2016-4149 CVE-2016-4148 CVE-2016-4147 CVE-2016-4146 CVE-2016-4145 CVE-2016-4144 CVE-2016-4143 CVE-2016-4142 CVE-2016-4141 CVE-2016-4140 CVE-2016-4139 CVE-2016-4138 CVE-2016-4137 CVE-2016-4136 CVE-2016-4135 CVE-2016-4134 CVE-2016-4133 CVE-2016-4132 CVE-2016-4131 CVE-2016-4130 CVE-2016-4129 CVE-2016-4128 CVE-2016-4127 CVE-2016-4125 CVE-2016-4124 CVE-2016-4123 CVE-2016-4122 Reference: ESB-2016.1532 ESB-2016.1507 - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1613-1 Rating: critical References: #984695 Cross-References: CVE-2016-4122 CVE-2016-4123 CVE-2016-4124 CVE-2016-4125 CVE-2016-4127 CVE-2016-4128 CVE-2016-4129 CVE-2016-4130 CVE-2016-4131 CVE-2016-4132 CVE-2016-4133 CVE-2016-4134 CVE-2016-4135 CVE-2016-4136 CVE-2016-4137 CVE-2016-4138 CVE-2016-4139 CVE-2016-4140 CVE-2016-4141 CVE-2016-4142 CVE-2016-4143 CVE-2016-4144 CVE-2016-4145 CVE-2016-4146 CVE-2016-4147 CVE-2016-4148 CVE-2016-4149 CVE-2016-4150 CVE-2016-4151 CVE-2016-4152 CVE-2016-4153 CVE-2016-4154 CVE-2016-4155 CVE-2016-4156 CVE-2016-4166 CVE-2016-4171 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 36 vulnerabilities is now available. Description: Adobe flash-player was updated to 11.2.202.626 to fix the following security issues: Security update to 11.2.202.626 (boo#984695): * APSB16-18, CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171 Please see https://helpx.adobe.com/security/products/flash-player/apsb16-18.html for more information. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-960=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-960=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-960=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-960=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-11.2.202.626-133.1 flash-player-gnome-11.2.202.626-133.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.626-133.1 flash-player-gnome-11.2.202.626-133.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-11.2.202.626-133.1 flash-player-gnome-11.2.202.626-133.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.626-133.1 flash-player-gnome-11.2.202.626-133.1 References: https://www.suse.com/security/cve/CVE-2016-4122.html https://www.suse.com/security/cve/CVE-2016-4123.html https://www.suse.com/security/cve/CVE-2016-4124.html https://www.suse.com/security/cve/CVE-2016-4125.html https://www.suse.com/security/cve/CVE-2016-4127.html https://www.suse.com/security/cve/CVE-2016-4128.html https://www.suse.com/security/cve/CVE-2016-4129.html https://www.suse.com/security/cve/CVE-2016-4130.html https://www.suse.com/security/cve/CVE-2016-4131.html https://www.suse.com/security/cve/CVE-2016-4132.html https://www.suse.com/security/cve/CVE-2016-4133.html https://www.suse.com/security/cve/CVE-2016-4134.html https://www.suse.com/security/cve/CVE-2016-4135.html https://www.suse.com/security/cve/CVE-2016-4136.html https://www.suse.com/security/cve/CVE-2016-4137.html https://www.suse.com/security/cve/CVE-2016-4138.html https://www.suse.com/security/cve/CVE-2016-4139.html https://www.suse.com/security/cve/CVE-2016-4140.html https://www.suse.com/security/cve/CVE-2016-4141.html https://www.suse.com/security/cve/CVE-2016-4142.html https://www.suse.com/security/cve/CVE-2016-4143.html https://www.suse.com/security/cve/CVE-2016-4144.html https://www.suse.com/security/cve/CVE-2016-4145.html https://www.suse.com/security/cve/CVE-2016-4146.html https://www.suse.com/security/cve/CVE-2016-4147.html https://www.suse.com/security/cve/CVE-2016-4148.html https://www.suse.com/security/cve/CVE-2016-4149.html https://www.suse.com/security/cve/CVE-2016-4150.html https://www.suse.com/security/cve/CVE-2016-4151.html https://www.suse.com/security/cve/CVE-2016-4152.html https://www.suse.com/security/cve/CVE-2016-4153.html https://www.suse.com/security/cve/CVE-2016-4154.html https://www.suse.com/security/cve/CVE-2016-4155.html https://www.suse.com/security/cve/CVE-2016-4156.html https://www.suse.com/security/cve/CVE-2016-4166.html https://www.suse.com/security/cve/CVE-2016-4171.html https://bugzilla.suse.com/984695 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV2dX3Yx+lLeg9Ub1AQiNDg//aYEGmv0hsZnf+rIS+nvso6v5pyJ1Csl7 hGe2PWNwRpMIOAe/8wZ1nt8cuirDvcxBszw/duito47w+HeaSf0t7sfG/DFElS8O 5E6237zJNHe0/rEvXR7V+hRWrJ0kPdzDxBm9D42SxHd0jY5yAck7oV2x4dO59Slr 1ntuLMWVsNhUBIWg7BxkDgbEn+prgQ5k1NNFgD2SB8NoOOzrvBHtDK7X5bMmmPiQ DRDud/ZauZ5M7DifReJOJHcN83eX7rdjgeT6YdLtyNyrbR3djbnmHglESWq5bjn6 IbaVoSh3KyvI8KIVOSylkaVSdUFtOVgLRy8LdYHEFSxMOShzcOtaw2nhmJMhRu83 qoDjLIckksBgsxo++Xj0WKFlVmekbMarTWYwHmx2LAPhyKvDUb2iQOFVh0uj2ivX w7ae8UNmZSjet7TWQMxLHMoqlAxUwWqKVge4XaDbzKBB7jZ4taVggkIsOMdmrjQM lNmKLoeQ7Y5bR/UOBegZM0b+6OT6u4EiPNg1HMVPVGj96vvVtzt7sST0cJGIOdWL ZodADc2GfMVC6nX1s4gV/wJfsEo4gxSOIab23i5SyCeN52aBqd6mELKlMrGlvh1m dghgCigRpkjlpCB82eTNZaRZizpfc7OpQ9QC9ZJ4Jc4/liITGwgqmzMwJ7lWPdLh 6qgabBY4Hbw= =ZoQD -----END PGP SIGNATURE-----