openSUSE-2015-652 important openSUSE Leap 42.1 NonFree Update This update for flash-player provides version 11.2.202.521 with the following security-fixes: (bsc#946880) - Resolve a type confusion vulnerability that could lead to code execution (CVE-2015-5573). - Resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682). - Resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-6676, CVE-2015-6678). - Resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, CVE-2015-6677). - Include additional validation checks to ensure that Flash Player rejects malicious content from vulnerable JSONP callback APIs (CVE-2015-5571). - Resolve a memory leak vulnerability (CVE-2015-5576). - Include further hardening to a mitigation to defend against vector length corruptions (CVE-2015-5568). - Resolve stack corruption vulnerabilities that could lead to code execution (CVE-2015-5567, CVE-2015-5579). - Resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-5587). - Resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-5572). - Resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-6679). flash-player-11.2.202.521-3.1.i586.rpm flash-player-11.2.202.521-3.1.nosrc.rpm flash-player-gnome-11.2.202.521-3.1.i586.rpm flash-player-kde4-11.2.202.521-3.1.i586.rpm flash-player-11.2.202.521-3.1.x86_64.rpm flash-player-gnome-11.2.202.521-3.1.x86_64.rpm flash-player-kde4-11.2.202.521-3.1.x86_64.rpm openSUSE-2015-656 important openSUSE Leap 42.1 NonFree Update Adobe Flash Player was updated to 11.2.202.535 to fix a number of security issues. (boo#950169, APSB15-25) The following vulnerabilities were fixed: * CVE-2015-7628: Vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure * CVE-2015-5569: Defense-in-depth feature in the Flash broker API * CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644: Use-after-free vulnerabilities that could lead to code execution * CVE-2015-7632: Buffer overflow vulnerability that could lead to code execution * CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634: Memory corruption vulnerabilities that could lead to code execution flash-player-11.2.202.535-7.2.i586.rpm flash-player-11.2.202.535-7.2.nosrc.rpm flash-player-gnome-11.2.202.535-7.2.i586.rpm flash-player-kde4-11.2.202.535-7.2.i586.rpm flash-player-11.2.202.535-7.2.x86_64.rpm flash-player-gnome-11.2.202.535-7.2.x86_64.rpm flash-player-kde4-11.2.202.535-7.2.x86_64.rpm openSUSE-2015-665 critical openSUSE Leap 42.1 NonFree Update flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474). flash-player-11.2.202.540-10.1.i586.rpm flash-player-11.2.202.540-10.1.nosrc.rpm flash-player-gnome-11.2.202.540-10.1.i586.rpm flash-player-kde4-11.2.202.540-10.1.i586.rpm flash-player-11.2.202.540-10.1.x86_64.rpm flash-player-gnome-11.2.202.540-10.1.x86_64.rpm flash-player-kde4-11.2.202.540-10.1.x86_64.rpm