Bugzilla – Bug 937339
VUL-0: CVE-2015-5119: flash-player: Hackteam 0day release APSA15-03
Last modified: 2019-05-01 16:48:59 UTC
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html Security Advisory for Adobe Flash Player Release date: July 7, 2015 Vulnerability identifier: APSA15-03 CVE number: CVE-2015-5119 Platform: Windows, Macintosh and Linux Summary A critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8, 2015. Affected software versions Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux
This is an autogenerated message for OBS integration: This bug (937339) was mentioned in https://build.opensuse.org/request/show/315561 13.1:NonFree+13.2:NonFree / flash-player_NonFree_Update
openSUSE-SU-2015:1207-1: An update that fixes one vulnerability is now available. Category: security (critical) Bug References: 937339 CVE References: CVE-2015-5119 Sources used:
From https://helpx.adobe.com/security/products/flash-player/apsb15-16.html CVE-2014-0578, CVE-2015-3097, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3125, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5116, CVE-2015-5117, CVE-2015-5118 in addition to the already known CVE-2015-5119. Details: These updates improve memory address randomization of the Flash heap for the Window 7 64-bit platform (CVE-2015-3097). These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118). These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431). These updates resolve null pointer dereference issues (CVE-2015-3126, CVE-2015-4429). These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3114). These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119). These updates resolve vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116).
Should I update CVE list and re-submit? (It is already released for openSUSE.) Or should I update changes file next time?
openSUSE-SU-2015:1210-1: An update that fixes one vulnerability is now available. Category: security (critical) Bug References: 937339 CVE References: CVE-2015-5119 Sources used:
SUSE-SU-2015:1211-1: An update that fixes 35 vulnerabilities is now available. Category: security (critical) Bug References: 937339 CVE References: CVE-2014-0578,CVE-2015-3114,CVE-2015-3115,CVE-2015-3116,CVE-2015-3117,CVE-2015-3118,CVE-2015-3119,CVE-2015-3120,CVE-2015-3121,CVE-2015-3122,CVE-2015-3123,CVE-2015-3124,CVE-2015-3125,CVE-2015-3126,CVE-2015-3127,CVE-2015-3128,CVE-2015-3129,CVE-2015-3130,CVE-2015-3131,CVE-2015-3132,CVE-2015-3133,CVE-2015-3134,CVE-2015-3135,CVE-2015-3136,CVE-2015-3137,CVE-2015-4428,CVE-2015-4429,CVE-2015-4430,CVE-2015-4431,CVE-2015-4432,CVE-2015-4433,CVE-2015-5116,CVE-2015-5117,CVE-2015-5118,CVE-2015-5119 Sources used:
SUSE-SU-2015:1214-1: An update that fixes 35 vulnerabilities is now available. Category: security (critical) Bug References: 937339 CVE References: CVE-2014-0578,CVE-2015-3114,CVE-2015-3115,CVE-2015-3116,CVE-2015-3117,CVE-2015-3118,CVE-2015-3119,CVE-2015-3120,CVE-2015-3121,CVE-2015-3122,CVE-2015-3123,CVE-2015-3124,CVE-2015-3125,CVE-2015-3126,CVE-2015-3127,CVE-2015-3128,CVE-2015-3129,CVE-2015-3130,CVE-2015-3131,CVE-2015-3132,CVE-2015-3133,CVE-2015-3134,CVE-2015-3135,CVE-2015-3136,CVE-2015-3137,CVE-2015-4428,CVE-2015-4429,CVE-2015-4430,CVE-2015-4431,CVE-2015-4432,CVE-2015-4433,CVE-2015-5116,CVE-2015-5117,CVE-2015-5118,CVE-2015-5119 Sources used:
Released