Bug 979422 (CVE-2016-4117) - VUL-0: CVE-2016-4117: Adobe Flash Player: 21.0.0.226 and earlier allows remote attackers to executearbitrary code via unsp...
Summary: VUL-0: CVE-2016-4117: Adobe Flash Player: 21.0.0.226 and earlier allows remot...
Status: RESOLVED FIXED
Alias: CVE-2016-4117
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P2 - High : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/168848/
Whiteboard: CVSSv2:RedHat:CVE-2016-4117:6.8:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-05-11 07:45 UTC by Sebastian Krahmer
Modified: 2019-05-01 17:14 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2016-05-11 07:45:58 UTC 
CVE-2016-4117

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute
arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4117
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
Comment 2 Stanislav Brabec 2016-05-12 11:20:10 UTC 
openSUSE:Maintenance: Using target project 'openSUSE:Maintenance'
395024
SUSE:SLE-12:Update: Using target project 'SUSE:Maintenance'
114495

Report created by 6-flash-player-update-submit-all.sh.
Comment 4 Bernhard Wiedemann 2016-05-12 12:00:16 UTC 
This is an autogenerated message for OBS integration:
This bug (979422) was mentioned in
https://build.opensuse.org/request/show/395027 13.2:NonFree / flash-player
Comment 6 Alexander Bergmann 2016-05-13 09:18:25 UTC 
This update also covers the following CVEs within APSB16-15.

https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

Security updates available for Adobe Flash Player

Release date: May 12, 2016
Vulnerability identifier: APSB16-15

CVE number: CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117

Platform: Windows, Macintosh, Linux and ChromeOS
Comment 7 Swamp Workflow Management 2016-05-16 16:08:16 UTC 
SUSE-SU-2016:1305-1: An update that fixes 49 vulnerabilities is now available.

Category: security (important)
Bug References: 979422
CVE References: CVE-2016-1006,CVE-2016-1011,CVE-2016-1012,CVE-2016-1013,CVE-2016-1014,CVE-2016-1015,CVE-2016-1016,CVE-2016-1017,CVE-2016-1018,CVE-2016-1019,CVE-2016-1020,CVE-2016-1021,CVE-2016-1022,CVE-2016-1023,CVE-2016-1024,CVE-2016-1025,CVE-2016-1026,CVE-2016-1027,CVE-2016-1028,CVE-2016-1029,CVE-2016-1030,CVE-2016-1031,CVE-2016-1032,CVE-2016-1033,CVE-2016-1096,CVE-2016-1097,CVE-2016-1098,CVE-2016-1099,CVE-2016-1100,CVE-2016-1101,CVE-2016-1102,CVE-2016-1103,CVE-2016-1104,CVE-2016-1105,CVE-2016-1106,CVE-2016-1107,CVE-2016-1108,CVE-2016-1109,CVE-2016-1110,CVE-2016-4108,CVE-2016-4109,CVE-2016-4110,CVE-2016-4111,CVE-2016-4112,CVE-2016-4113,CVE-2016-4114,CVE-2016-4115,CVE-2016-4116,CVE-2016-4117
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    flash-player-11.2.202.621-130.1
SUSE Linux Enterprise Workstation Extension 12 (src):    flash-player-11.2.202.621-130.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    flash-player-11.2.202.621-130.1
SUSE Linux Enterprise Desktop 12 (src):    flash-player-11.2.202.621-130.1
Comment 8 Swamp Workflow Management 2016-05-17 00:08:02 UTC 
openSUSE-SU-2016:1306-1: An update that fixes 25 vulnerabilities is now available.

Category: security (important)
Bug References: 979422
CVE References: CVE-2016-1006,CVE-2016-1011,CVE-2016-1012,CVE-2016-1013,CVE-2016-1014,CVE-2016-1015,CVE-2016-1016,CVE-2016-1017,CVE-2016-1018,CVE-2016-1019,CVE-2016-1020,CVE-2016-1021,CVE-2016-1022,CVE-2016-1023,CVE-2016-1024,CVE-2016-1025,CVE-2016-1026,CVE-2016-1027,CVE-2016-1028,CVE-2016-1029,CVE-2016-1030,CVE-2016-1031,CVE-2016-1032,CVE-2016-1033,CVE-2016-4117
Sources used:
openSUSE 13.2 NonFree (src):    flash-player-11.2.202.621-2.97.1
Comment 9 Swamp Workflow Management 2016-05-17 12:09:03 UTC 
openSUSE-SU-2016:1308-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 979422
CVE References: CVE-2016-4117
Sources used:
openSUSE Evergreen 11.4 (src):    flash-player-11.2.202.621-185.1
Comment 10 Swamp Workflow Management 2016-05-17 12:09:19 UTC 
openSUSE-SU-2016:1309-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 979422
CVE References: CVE-2016-4117
Sources used:
openSUSE 13.1 NonFree (src):    flash-player-11.2.202.621-162.1
Comment 11 Marcus Meissner 2016-05-19 13:46:51 UTC 
released
Comment 12 Alexander Bergmann 2016-05-20 09:21:37 UTC 
Adobe updated their Security Bulletin APSB16-15 with two additional CVEs.

https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

May 19, 2016: Added CVE-2016-4120 and CVE-2016-4121, which were resolved in this release but inadvertently omitted from the original release of the bulletin.
Comment 13 Marcus Meissner 2016-06-07 06:18:20 UTC 
CVE list was updated again
CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117, CVE-2016-4120, CVE-2016-4121, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163