Test ID:	1.3.6.1.4.1.25623.1.0.850970
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory for flash-player (SUSE-SU-2014:1124-1)
Summary:	The remote host is missing an update for the 'flash-player'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'flash-player' package(s) announced via the referenced advisory. Vulnerability Insight: Adobe Flash Player has been updated to 11.2.202.406 which fixes various security issues. These updates: * resolve a memory leakage vulnerability that could have been used to bypass memory address randomization (CVE-2014-0557). * resolve a security bypass vulnerability (CVE-2014-0554). * resolve a use-after-free vulnerability that could have lead to code execution (CVE-2014-0553). * resolve memory corruption vulnerabilities that could have lead to code execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555). * resolve a vulnerability that could have been used to bypass the same origin policy (CVE-2014-0548). * resolve a heap buffer overflow vulnerability that could have lead to code execution (CVE-2014-0556, CVE-2014-0559). Security Issues: * CVE-2014-0547 * CVE-2014-0548 * CVE-2014-0549 * CVE-2014-0550 * CVE-2014-0551 * CVE-2014-0552 * CVE-2014-0553 * CVE-2014-0554 * CVE-2014-0555 Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: flash-player on SUSE Linux Enterprise Desktop 11 SP3 Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0547 BugTraq ID: 69695 http://www.securityfocus.com/bid/69695 http://security.gentoo.org/glsa/glsa-201409-05.xml http://www.securitytracker.com/id/1030822 http://secunia.com/advisories/61089 SuSE Security Announcement: SUSE-SU-2014:1124 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html SuSE Security Announcement: openSUSE-SU-2014:1110 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html SuSE Security Announcement: openSUSE-SU-2014:1130 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html XForce ISS Database: adobe-flash-cve20140547-code-exec(95817) https://exchange.xforce.ibmcloud.com/vulnerabilities/95817 Common Vulnerability Exposure (CVE) ID: CVE-2014-0548 BugTraq ID: 69705 http://www.securityfocus.com/bid/69705 XForce ISS Database: adobe-flash-cve20140548-sec-bypass(95818) https://exchange.xforce.ibmcloud.com/vulnerabilities/95818 Common Vulnerability Exposure (CVE) ID: CVE-2014-0549 BugTraq ID: 69699 http://www.securityfocus.com/bid/69699 XForce ISS Database: adobe-flash-cve20140549-code-exec(95819) https://exchange.xforce.ibmcloud.com/vulnerabilities/95819 Common Vulnerability Exposure (CVE) ID: CVE-2014-0550 BugTraq ID: 69700 http://www.securityfocus.com/bid/69700 XForce ISS Database: adobe-flash-cve20140550-code-exec(95820) https://exchange.xforce.ibmcloud.com/vulnerabilities/95820 Common Vulnerability Exposure (CVE) ID: CVE-2014-0551 BugTraq ID: 69702 http://www.securityfocus.com/bid/69702 XForce ISS Database: adobe-flash-cve20140551-code-exec(95821) https://exchange.xforce.ibmcloud.com/vulnerabilities/95821 Common Vulnerability Exposure (CVE) ID: CVE-2014-0552 BugTraq ID: 69703 http://www.securityfocus.com/bid/69703 XForce ISS Database: adobe-flash-cve20140552-code-exec(95822) https://exchange.xforce.ibmcloud.com/vulnerabilities/95822 Common Vulnerability Exposure (CVE) ID: CVE-2014-0553 BugTraq ID: 69707 http://www.securityfocus.com/bid/69707 XForce ISS Database: adobe-flash-cve20140553-code-exec(95823) https://exchange.xforce.ibmcloud.com/vulnerabilities/95823 Common Vulnerability Exposure (CVE) ID: CVE-2014-0554 BugTraq ID: 69697 http://www.securityfocus.com/bid/69697 XForce ISS Database: adobe-flash-cve20140554-sec-bypass(95824) https://exchange.xforce.ibmcloud.com/vulnerabilities/95824 Common Vulnerability Exposure (CVE) ID: CVE-2014-0555 BugTraq ID: 69706 http://www.securityfocus.com/bid/69706 XForce ISS Database: adobe-flash-cve20140555-code-exec(95825) https://exchange.xforce.ibmcloud.com/vulnerabilities/95825 Common Vulnerability Exposure (CVE) ID: CVE-2014-0556 BugTraq ID: 69696 http://www.securityfocus.com/bid/69696 https://www.exploit-db.com/exploits/36808/ http://googleprojectzero.blogspot.com/2014/09/exploiting-cve-2014-0556-in-flash.html http://packetstormsecurity.com/files/131516/Adobe-Flash-Player-copyPixelsToByteArray-Integer-Overflow.html https://code.google.com/p/google-security-research/issues/detail?id=46 http://www.osvdb.org/111110 XForce ISS Database: adobe-flash-cve20140556-bo(95826) https://exchange.xforce.ibmcloud.com/vulnerabilities/95826 Common Vulnerability Exposure (CVE) ID: CVE-2014-0557 BugTraq ID: 69701 http://www.securityfocus.com/bid/69701 XForce ISS Database: adobe-flash-cve20140557-sec-bypass(95827) https://exchange.xforce.ibmcloud.com/vulnerabilities/95827 Common Vulnerability Exposure (CVE) ID: CVE-2014-0559 BugTraq ID: 69704 http://www.securityfocus.com/bid/69704 XForce ISS Database: adobe-flash-cve20140559-bo(95828) https://exchange.xforce.ibmcloud.com/vulnerabilities/95828
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.