PROBLEM:
SUSE has issued an update for flash-player.
PLATFORM:
openSUSE 12.1
ABSTRACT:
This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
REFERENCE LINKS:
Secunia Advisory SA52416
openSUSE
Adobe Security Bulletin APSB13-08
CVE-2013-0504
CVE-2013-0643
CVE-2013-0648
IMPACT ASSESSMENT:
High
DISCUSSION:
This update resolves:
1. Permissions issue with the Flash Player Firefox sandbox.
2. Vulnerability in the ExternalInterface ActionScript feature, which can be exploited to execute malicious code.
3. Buffer overflow vulnerability in a Flash Player broker service, which can be used to execute malicious code.
IMPACT:
Security Bypass and System access
SOLUTION:
Apply updated packages via the zypper package manager.