Security update for Adobe Flash Player

Adobe Flash Player was updated to 11.2.202.457 to fix several security issues that could lead to remote code execution.

An exploit for CVE-2015-3043 was reported to exist in the wild.

The following vulnerabilities were fixed:

* Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).
* Type confusion vulnerability that could lead to code execution (CVE-2015-0356).
* Buffer overflow vulnerability that could lead to code execution (CVE-2015-0348).
* Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).
* Double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359).
* Memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040).
* Security bypass vulnerability that could lead to information disclosure (CVE-2015-3044)

Fixed bugs
bnc#856386
flashplayer problem opensuse 13.1
bnc#901334
VUL-0: CVE-2014-0564 CVE-2014-0558 CVE-2014-0569: flash-plugin: multiple code execution flaws (APSB14-22)
bnc#905032
VUL-0: flash-player: CVE-2014-0573 + 17 more: flash-plugin: Various vulnerabilities
bnc#907257
VUL-0: CVE-2014-8439 flash-player: hardening against a code execution flaw (APSB14-26)
bnc#909219
VUL-0: flash-player: 11.2.202.425
bnc#913057
VUL-0: flash-player: APSB15-01: update to 11.2.202.429
bnc#914333
VUL-0: CVE-2015-0310: flash-player: critical update release APSB15-02
bnc#914463
VUL-0: CVE-2015-0311: flash-player: another critical vulnerability
bnc#922033
VUL-0: flash-player: Multiple vulerabilities fixed in Adobe Flash player 11.2.202.451 (APSB15-05)
bnc#927089
VUL-0: flash-player: Adobe Flash player 11.2.202.457 fixes several remote code execution vulnerabilities (APSB15-06)
Selected Binaries
openSUSE Build Service is sponsored by