Upstream information
Description
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Novell/SUSE information
Novell Bugzilla entry: 686818 SUSE Security Advisories:- SUSE-SA:2011:018, published Mon, 18 Apr 2011 15:00:00 +0000
- openSUSE-SU-2011:0373-1, published Mon, 18 Apr 2011 17:08:26 +0200 (CEST)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Desktop 11 SP1 |
| Builds SAT Patch Nr: 4400 |
| SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP4 for x86 |
| Builds ZYPP Patch Nr: 7477 |
| openSUSE 11.2 openSUSE 11.3 openSUSE 11.4 |
|