You are here

V-102: SUSE update for flash-player

March 1, 2013 - 6:00am

Addthis

PROBLEM:

SUSE has issued an update for flash-player.

PLATFORM:

openSUSE 12.1

ABSTRACT:

This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

REFERENCE LINKS:

Secunia Advisory SA52416 
openSUSE
Adobe Security Bulletin APSB13-08
CVE-2013-0504
CVE-2013-0643 
CVE-2013-0648

IMPACT ASSESSMENT:

High

DISCUSSION:

This update resolves:

1.  Permissions issue with the Flash Player Firefox sandbox.
2.  Vulnerability in the ExternalInterface ActionScript feature, which can be exploited to execute malicious code.
3.  Buffer overflow vulnerability in a Flash Player broker service, which can be used to execute malicious code.

IMPACT:

Security Bypass and System access

SOLUTION:

Apply updated packages via the zypper package manager.

Addthis