===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.0712
          SUSE Security Update: Security update for flash-player
                               17 March 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          flash-player
Publisher:        SUSE
Operating System: SUSE
Impact/Access:    Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Denial of Service               -- Remote with User Interaction
                  Access Confidential Data        -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2017-3003 CVE-2017-3002 CVE-2017-3001
                  CVE-2017-3000 CVE-2017-2999 CVE-2017-2998
                  CVE-2017-2997  

Reference:        ESB-2017.0706
                  ESB-2017.0675
                  ESB-2017.0674

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0703-1
Rating:             important
References:         #1029374 
Cross-References:   CVE-2017-2997 CVE-2017-2998 CVE-2017-2999
                    CVE-2017-3000 CVE-2017-3001 CVE-2017-3002
                    CVE-2017-3003
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:


   This update for flash-player fixes the following issues:

   Security update to 25.0.0.127 (bsc#1029374), fixing the following
   vulnerabilities advised under APSB17-07:
   - CVE-2017-2997: This update resolves a buffer overflow vulnerability that
     could lead to code execution.
   - CVE-2017-2998, CVE-2017-2999: This update resolves memory corruption
     vulnerabilities that could lead to code execution.
   - CVE-2017-3000: This update resolves a random number generator
     vulnerability used for constant blinding that could lead to information
     disclosure.
   - CVE-2017-3001, CVE-2017-3002, CVE-2017-3003: This update resolves
     use-after-free vulnerabilities that could lead to code execution.
   - Details:
     https://helpx.adobe.com/security/products/flash-player/apsb17-07.html


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-385=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-385=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      flash-player-25.0.0.127-162.1
      flash-player-gnome-25.0.0.127-162.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      flash-player-25.0.0.127-162.1
      flash-player-gnome-25.0.0.127-162.1
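
A post-update check against the fixed build in the Package List above, as an added example that is not part of the SUSE or AusCERT text. The function names and the sample inventory are assumptions made for illustration, and GNU `sort -V` stands in for RPM's own version comparison, which is adequate for the purely numeric version-release strings used here.

```shell
#!/bin/sh
# Added example: flag flash-player packages older than the fixed build.
# Input lines have the form produced by:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' flash-player flash-player-gnome

FIXED="25.0.0.127-162.1"   # fixed version-release from the advisory's Package List

# version_lt A B: succeed if A sorts strictly before B.
# Assumption: GNU sort -V approximates RPM version ordering for numeric strings.
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# audit_flash: read "name version-release" lines on stdin, print one verdict
# per flash-player package, return 1 if any package is below the fixed build.
audit_flash() {
    rc=0
    while read -r name ver; do
        case "$name" in
            flash-player|flash-player-gnome) ;;
            *) continue ;;   # skip unrelated packages and rpm "not installed" lines
        esac
        if version_lt "$ver" "$FIXED"; then
            echo "VULNERABLE $name $ver (< $FIXED)"
            rc=1
        else
            echo "OK $name $ver"
        fi
    done
    return $rc
}

# Constructed sample inventory (not real rpm output): a partially updated host.
SAMPLE='flash-player 24.0.0.0-1.1
flash-player-gnome 25.0.0.127-162.1'
printf '%s\n' "$SAMPLE" | audit_flash || echo "update required: run zypper patch"
```

On a real host, pipe the `rpm -q --qf` command from the header comment into `audit_flash` in place of the constructed sample.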


References:

   https://www.suse.com/security/cve/CVE-2017-2997.html
   https://www.suse.com/security/cve/CVE-2017-2998.html
   https://www.suse.com/security/cve/CVE-2017-2999.html
   https://www.suse.com/security/cve/CVE-2017-3000.html
   https://www.suse.com/security/cve/CVE-2017-3001.html
   https://www.suse.com/security/cve/CVE-2017-3002.html
   https://www.suse.com/security/cve/CVE-2017-3003.html
   https://bugzilla.suse.com/1029374

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================