Overview

File _patchinfo of Package patchinfo.568

<patchinfo incident="568">
  <packager>sbrabec</packager>
  <issue tracker="cve" id="2015-0346"></issue>
  <issue tracker="cve" id="2015-0347"></issue>
  <issue tracker="cve" id="2015-0348"></issue>
  <issue tracker="cve" id="2015-0349"></issue>
  <issue tracker="cve" id="2015-0350"></issue>
  <issue tracker="cve" id="2015-0351"></issue>
  <issue tracker="cve" id="2015-0352"></issue>
  <issue tracker="cve" id="2015-0353"></issue>
  <issue tracker="cve" id="2015-0354"></issue>
  <issue tracker="cve" id="2015-0355"></issue>
  <issue tracker="cve" id="2015-0356"></issue>
  <issue tracker="cve" id="2015-0357"></issue>
  <issue tracker="cve" id="2015-0358"></issue>
  <issue tracker="cve" id="2015-0359"></issue>
  <issue tracker="cve" id="2015-0360"></issue>
  <issue tracker="cve" id="2015-3038"></issue>
  <issue tracker="cve" id="2015-3039"></issue>
  <issue tracker="cve" id="2015-3040"></issue>
  <issue tracker="cve" id="2015-3041"></issue>
  <issue tracker="cve" id="2015-3042"></issue>
  <issue tracker="cve" id="2015-3043"></issue>
  <issue tracker="cve" id="2015-3044"></issue>
  <issue tracker="bnc" id="927089">VUL-0: flash-player: Adobe Flash player 11.2.202.457 fixes several remote code execution vulnerabilities (APSB15-06)</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for Adobe Flash Player</summary>
  <description>Adobe Flash Player was updated to 11.2.202.457 to fix several security issues that could lead to remote code execution.

An exploit for CVE-2015-3043 was reported to exist in the wild.

The following vulnerabilities were fixed:

* Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).
* Type confusion vulnerability that could lead to code execution (CVE-2015-0356).
* Buffer overflow vulnerability that could lead to code execution (CVE-2015-0348).
* Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).
* Double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359).
* Memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040).
* Security bypass vulnerability that could lead to information disclosure (CVE-2015-3044).</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places