Bug 960317 (CVE-2015-8459) - VUL-0: CVE-2015-8459: flash-player: Security updates available for Adobe Flash Player ( APSB16-01)
Summary: VUL-0: CVE-2015-8459: flash-player: Security updates available for Adobe Fla...
Status: RESOLVED FIXED
Alias: CVE-2015-8459
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Stanislav Brabec
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-12-29 09:19 UTC by Victor Pereira
Modified: 2016-04-27 19:26 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2015-12-29 09:19:16 UTC 
Security updates available for Adobe Flash Player

Release date: December 28, 2015

Vulnerability identifier: APSB16-01

Priority: See table below

CVE number: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651

Platform: All Platforms
Summary

Adobe has released security updates for Adobe Flash Player.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2015-8651 is being used in limited, targeted attacks.



Vulnerability Details:

    - These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8644).
    - These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8651).
    - These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650).
    - These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645).
Comment 1 Marcus Meissner 2015-12-29 10:54:02 UTC 
submitted SLE 11,12, openSUSE 13.1 and 13.2.
Comment 3 SMASH SMASH 2015-12-29 14:31:38 UTC 
An update workflow for this issue was started.

This issue was rated as "important".
Please submit fixed packages until "Jan. 5, 2016".

When done, reassign the bug to "security-team@suse.de".
/update/121214/.
Comment 4 Swamp Workflow Management 2015-12-29 23:00:14 UTC 
bugbot adjusting priority
Comment 5 Swamp Workflow Management 2015-12-30 14:10:36 UTC 
openSUSE-SU-2015:2400-1: An update that fixes 19 vulnerabilities is now available.

Category: security (important)
Bug References: 960317
CVE References: CVE-2015-8459,CVE-2015-8460,CVE-2015-8634,CVE-2015-8635,CVE-2015-8636,CVE-2015-8638,CVE-2015-8639,CVE-2015-8640,CVE-2015-8641,CVE-2015-8642,CVE-2015-8643,CVE-2015-8644,CVE-2015-8645,CVE-2015-8646,CVE-2015-8647,CVE-2015-8648,CVE-2015-8649,CVE-2015-8650,CVE-2015-8651
Sources used:
openSUSE 13.2 NonFree (src):    flash-player-11.2.202.559-2.85.1
openSUSE 13.1 NonFree (src):    flash-player-11.2.202.559-150.1
Comment 6 Swamp Workflow Management 2015-12-30 16:13:17 UTC 
SUSE-SU-2015:2401-1: An update that fixes 19 vulnerabilities is now available.

Category: security (important)
Bug References: 960317
CVE References: CVE-2015-8459,CVE-2015-8460,CVE-2015-8634,CVE-2015-8635,CVE-2015-8636,CVE-2015-8638,CVE-2015-8639,CVE-2015-8640,CVE-2015-8641,CVE-2015-8642,CVE-2015-8643,CVE-2015-8644,CVE-2015-8645,CVE-2015-8646,CVE-2015-8647,CVE-2015-8648,CVE-2015-8649,CVE-2015-8650,CVE-2015-8651
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    flash-player-11.2.202.559-117.1
SUSE Linux Enterprise Workstation Extension 12 (src):    flash-player-11.2.202.559-117.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    flash-player-11.2.202.559-117.1
SUSE Linux Enterprise Desktop 12 (src):    flash-player-11.2.202.559-117.1
Comment 7 Swamp Workflow Management 2015-12-30 16:13:38 UTC 
SUSE-SU-2015:2402-1: An update that fixes 19 vulnerabilities is now available.

Category: security (important)
Bug References: 960317
CVE References: CVE-2015-8459,CVE-2015-8460,CVE-2015-8634,CVE-2015-8635,CVE-2015-8636,CVE-2015-8638,CVE-2015-8639,CVE-2015-8640,CVE-2015-8641,CVE-2015-8642,CVE-2015-8643,CVE-2015-8644,CVE-2015-8645,CVE-2015-8646,CVE-2015-8647,CVE-2015-8648,CVE-2015-8649,CVE-2015-8650,CVE-2015-8651
Sources used:
SUSE Linux Enterprise Desktop 11-SP4 (src):    flash-player-11.2.202.559-0.32.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    flash-player-11.2.202.559-0.32.1
Comment 8 Swamp Workflow Management 2015-12-30 18:13:30 UTC 
openSUSE-SU-2015:2403-1: An update that fixes 19 vulnerabilities is now available.

Category: security (important)
Bug References: 960317
CVE References: CVE-2015-8459,CVE-2015-8460,CVE-2015-8634,CVE-2015-8635,CVE-2015-8636,CVE-2015-8638,CVE-2015-8639,CVE-2015-8640,CVE-2015-8641,CVE-2015-8642,CVE-2015-8643,CVE-2015-8644,CVE-2015-8645,CVE-2015-8646,CVE-2015-8647,CVE-2015-8648,CVE-2015-8649,CVE-2015-8650,CVE-2015-8651
Sources used:
openSUSE Evergreen 11.4 (src):    flash-player-11.2.202.559-179.1
Comment 9 Marcus Meissner 2016-03-03 10:55:22 UTC 
releaed