Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="3701">
  <packager>sbrabec</packager>
  <issue tracker="cve" id="2015-0346"/>
  <issue tracker="cve" id="2015-0347"/>
  <issue tracker="cve" id="2015-0348"/>
  <issue tracker="cve" id="2015-0349"/>
  <issue tracker="cve" id="2015-0350"/>
  <issue tracker="cve" id="2015-0351"/>
  <issue tracker="cve" id="2015-0352"/>
  <issue tracker="cve" id="2015-0353"/>
  <issue tracker="cve" id="2015-0354"/>
  <issue tracker="cve" id="2015-0355"/>
  <issue tracker="cve" id="2015-0356"/>
  <issue tracker="cve" id="2015-0357"/>
  <issue tracker="cve" id="2015-0358"/>
  <issue tracker="cve" id="2015-0359"/>
  <issue tracker="cve" id="2015-0360"/>
  <issue tracker="cve" id="2015-3038"/>
  <issue tracker="cve" id="2015-3039"/>
  <issue tracker="cve" id="2015-3040"/>
  <issue tracker="cve" id="2015-3041"/>
  <issue tracker="cve" id="2015-3042"/>
  <issue tracker="cve" id="2015-3043"/>
  <issue tracker="cve" id="2015-3044"/>
  <issue tracker="bnc" id="927089">VUL-0: flash-player: Adobe Flash player 11.2.202.457 fixes several remote code execution vulnerabilities</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for Adobe Flash Player</summary>
  <description>Adobe Flash Player was updated to 11.2.202.457 to fix several security issues that could lead to remote code execution.

An exploit for CVE-2015-3043 was reported to exist in the wild.

The following vulnerabilities were fixed:

* Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).
* Type confusion vulnerability that could lead to code execution (CVE-2015-0356).
* Buffer overflow vulnerability that could lead to code execution (CVE-2015-0348).
* Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).
* Double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359).
* Memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040).
* Security bypass vulnerability that could lead to information disclosure (CVE-2015-3044).</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places