937752 – (CVE-2015-5122) VUL-0: CVE-2015-5122,CVE-2015-5123: flash-player: second hackingteam 0day (APSA15-04,APSB15-18)

Bug 937752 (CVE-2015-5122) - VUL-0: CVE-2015-5122,CVE-2015-5123: flash-player: second hackingteam 0day (APSA15-04,APSB15-18)

Summary: VUL-0: CVE-2015-5122,CVE-2015-5123: flash-player: second hackingteam 0day (AP...

Status:	RESOLVED FIXED

Alias:	CVE-2015-5122

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P1 - Urgent Severity: Critical
Target Milestone:	---
Assignee:	Stanislav Brabec
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-07-11 08:57 UTC by Marcus Meissner
Modified:	2016-04-27 14:40 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Script to fix changes of previous incident (733 bytes, text/plain) 2015-07-13 14:34 UTC, Stanislav Brabec	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-07-11 08:57:34 UTC

another flash 0day was seen in the hackingteam dump

CVE-2015-5122


https://helpx.adobe.com/security/products/flash-player/apsa15-04.html

updates will be shipped July 12th according to above page.

Comment 1 Marcus Meissner 2015-07-11 08:58:07 UTC

technical writeup, translated from chinese, here:


https://translate.google.com/translate?depth=1&nv=1&rurl=translate.google.com&sl=auto&tl=en&u=http://blogs.360.cn/360safe/2015/07/11/hacking-team-part4-flash-2/

Comment 2 Swamp Workflow Management 2015-07-11 22:00:06 UTC

bugbot adjusting priority

Comment 8 Marcus Meissner 2015-07-14 16:02:35 UTC

Adobe has not released a Linux Flash Player yet for those issues.

Comment 9 Andreas Stieger 2015-07-14 17:08:21 UTC

Some details for the upcoming release from 
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html

These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2015-5122).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2015-5123).

Comment 10 Andreas Stieger 2015-07-16 10:48:04 UTC

11.2.202.491 is now available upstream, please submit.

Comment 11 Bernhard Wiedemann 2015-07-16 13:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (937752) was mentioned in
https://build.opensuse.org/request/show/317160 13.1:NonFree+13.2:NonFree / flash-player

Comment 13 Stanislav Brabec 2015-07-16 13:40:34 UTC

Thanks for the submit.

Comment 14 Swamp Workflow Management 2015-07-17 09:10:46 UTC

SUSE-SU-2015:1255-1: An update that fixes two vulnerabilities is now available.

Category: security (critical)
Bug References: 937752
CVE References: CVE-2015-5122,CVE-2015-5123
Sources used:

Comment 15 Swamp Workflow Management 2015-07-17 10:09:32 UTC

SUSE-SU-2015:1258-1: An update that fixes two vulnerabilities is now available.

Category: security (critical)
Bug References: 937752
CVE References: CVE-2015-5122,CVE-2015-5123
Sources used:
SUSE Linux Enterprise Desktop 11-SP4 (src):    flash-player-11.2.202.491-0.11.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    flash-player-11.2.202.491-0.11.1

Comment 16 Swamp Workflow Management 2015-07-18 17:10:02 UTC

openSUSE-SU-2015:1267-1: An update that fixes two vulnerabilities is now available.

Category: security (critical)
Bug References: 937752
CVE References: CVE-2015-5122,CVE-2015-5123
Sources used:
openSUSE Evergreen 11.4 (src):    flash-player-11.2.202.491-173.1

Comment 17 Andreas Stieger 2015-07-24 09:55:06 UTC

released