Bug 10495

Summary: Security update request for flash-player-plugin, to 11.2.202.291
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, olivier.delaune, sysadmin-bugs, wilcal.int, wrw105
Version: 3Keywords: Security, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA2TOO MGA3-64-OK MGA2-64-OK MGA2-32-OK MGA3-32-OK
Source RPM: flash-player-plugin CVE:
Status comment:

Description Anssi Hannula 2013-06-11 20:19:47 CEST 
Advisory:
============
Adobe Flash Player 11.2.202.291 contains a fix to a critical security
vulnerability found in earlier versions. This vulnerability could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-3343).

References:
http://www.adobe.com/support/security/bulletins/apsb13-16.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3343
============

Updated Flash Player 11.2.202.291 packages are in mga2+mga3 nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586 and x86_64).
Comment 1 Bill Wilkinson 2013-06-11 22:07:07 CEST 
tested mga3-64
changed settings with flash player preferences, viewed several youtube videos and played a flash game.

Shouldn't this be updated for MGA2 as well?

CC: (none) => wrw105
Whiteboard: (none) => MGA3-64-OK feedback

Comment 2 claire robinson 2013-06-11 22:13:24 CEST 
Well done for thinking of it and asking Bill. Anssi added that it's available for mga 2 & 3 in comment 0. Adding the MGA2TOO whiteboard marker which was missing.

It should show properly on madb now.

Whiteboard: MGA3-64-OK feedback => MGA2TOO MGA3-64-OK

Comment 3 Dave Hodgins 2013-06-11 22:17:26 CEST 
The srpms are
flash-player-plugin-11.2.202.291-1.mga3.nonfree.src.rpm
flash-player-plugin-11.2.202.291-1.mga2.nonfree.src.rpm

I'll test on Mageia 2 i586 and x86_64 shortly.

CC: (none) => davidwhodgins

Comment 4 Dave Hodgins 2013-06-11 22:25:01 CEST 
Testing complete on Mageia 2 i586 and x86_64, both playing flash videos and
using the kde plugin to remove flash cookies.

I'll test Mageia 3 i586 shortly.

Whiteboard: MGA2TOO MGA3-64-OK => MGA2TOO MGA3-64-OK MGA2-64-OK MGA2-32-OK

Comment 5 Dave Hodgins 2013-06-11 22:31:05 CEST 
Testing complete on Mageia 3 i586.

Could someone from the sysadmin team push the srpm
flash-player-plugin-11.2.202.291-1.mga3.nonfree.src.rpm
from Mageia 3 Nonfree Updates Testing to Nonfree Updates and the srpm
flash-player-plugin-11.2.202.291-1.mga2.nonfree.src.rpm
from Mageia 2 Nonfree Updates Testing to Nonfree Updates.

Advisory: Adobe Flash Player 11.2.202.291 contains a fix to a critical security
vulnerability found in earlier versions. This vulnerability could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-3343).

References:
http://www.adobe.com/support/security/bulletins/apsb13-16.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3343

https://bugs.mageia.org/show_bug.cgi?id=10495

Keywords: (none) => validated_update
Whiteboard: MGA2TOO MGA3-64-OK MGA2-64-OK MGA2-32-OK => MGA2TOO MGA3-64-OK MGA2-64-OK MGA2-32-OK MGA3-32-OK
CC: (none) => sysadmin-bugs

Comment 6 William Kenney 2013-06-12 02:12:06 CEST 
Tested MGA3-32-OK

cat /etc/release
Mageia release 3 (Official) for i586

Updated with nonfree updates_testing with:
flash-player-plugin-11.2.202.291-1.mga3.nonfree.i586.rpm
flash-player-plugin-kde-11.2.202.291-1.mga3.nonfree.i586.rpm
On real hardware.

Viewed several of my youtube videos and it seems ok.

CC: (none) => wilcal.int

Comment 7 Olivier Delaune 2013-06-13 07:21:37 CEST 
Tested on Mageia 3 64 bit watching some videos on Youtube.

CC: (none) => olivier.delaune

Comment 8 Dave Hodgins 2013-06-19 02:54:48 CEST 
Advisory ready to push.
Comment 9 Nicolas Vigier 2013-06-19 12:39:40 CEST 
http://advisories.mageia.org/MGASA-2013-0177.html

Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED

Nicolas Vigier 2014-05-08 18:05:12 CEST

CC: boklm => (none)