{"affected":[{"ecosystem_specific":{"binaries":[{"flash-player":"24.0.0.186-152.1","flash-player-gnome":"24.0.0.186-152.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"flash-player","purl":"pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"24.0.0.186-152.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"flash-player":"24.0.0.186-152.1","flash-player-gnome":"24.0.0.186-152.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP1","name":"flash-player","purl":"pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"24.0.0.186-152.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for flash-player fixes the following issues:\n\n- Security update to 24.0.0.186 (bsc#1015379) APSB16-39:\n    * These updates resolve use-after-free vulnerabilities that could have\n      lead to code execution (CVE-2016-7872, CVE-2016-7877, CVE-2016-7878,\n      CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7892).\n    * These updates resolve buffer overflow vulnerabilities that could have lead to\n      code execution (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870).\n    * These updates resolve memory corruption vulnerabilities that could have lead to\n      code execution (CVE-2016-7871, CVE-2016-7873, CVE-2016-7874,\n      CVE-2016-7875, CVE-2016-7876).\n    * These updates resolve a security bypass vulnerability (CVE-2016-7890).\n- Keep standalone flashplayer at version 11, no newer version\n  exists (INSECURE!).\n- Update EULA to version 24.0.\n","id":"SUSE-SU-2016:3148-1","modified":"2016-12-14T10:10:26Z","published":"2016-12-14T10:10:26Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20163148-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1015379"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7867"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7868"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7869"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7870"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7871"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7872"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7873"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7874"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7875"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7876"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7877"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7878"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7879"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7880"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7881"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7890"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7892"}],"related":["CVE-2016-7867","CVE-2016-7868","CVE-2016-7869","CVE-2016-7870","CVE-2016-7871","CVE-2016-7872","CVE-2016-7873","CVE-2016-7874","CVE-2016-7875","CVE-2016-7876","CVE-2016-7877","CVE-2016-7878","CVE-2016-7879","CVE-2016-7880","CVE-2016-7881","CVE-2016-7890","CVE-2016-7892"],"summary":"Security update for flash-player","upstream":["CVE-2016-7867","CVE-2016-7868","CVE-2016-7869","CVE-2016-7870","CVE-2016-7871","CVE-2016-7872","CVE-2016-7873","CVE-2016-7874","CVE-2016-7875","CVE-2016-7876","CVE-2016-7877","CVE-2016-7878","CVE-2016-7879","CVE-2016-7880","CVE-2016-7881","CVE-2016-7890","CVE-2016-7892"]}