Bug 10742

Summary: Security update request for flash-player-plugin, to 11.2.202.297
Product: Mageia
Reporter: Anssi Hannula <anssi.hannula>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: sysadmin-bugs, tmb, wilcal.int
Version: 3
Keywords: Security, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA2TOO MGA3-32-OK mga2-64-ok MGA3-64-OK mga2-32-ok
Source RPM: flash-player-plugin
CVE:
Status comment:

Description Anssi Hannula 2013-07-09 19:19:56 CEST
Advisory:
============
Adobe Flash Player 11.2.202.297 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves a heap buffer overflow vulnerability that could lead to code execution (CVE-2013-3344). 

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-3345). 

This update resolves an integer overflow when resampling a user-supplied PCM buffer (CVE-2013-3347). 

References:
http://www.adobe.com/support/security/bulletins/apsb13-17.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3347
============

Updated Flash Player 11.2.202.297 packages are in mga2+mga3 nonfree/updates_testing as flash-player-plugin and flash-player-plugin-kde.

Source packages:
flash-player-plugin-11.2.202.297-1.mga3.nonfree
flash-player-plugin-11.2.202.297-1.mga2.nonfree

Manuel Hiebel 2013-07-09 19:24:25 CEST

Whiteboard: (none) => MGA2TOO mga2-64-ok

Comment 1 William Kenney 2013-07-09 19:50:08 CEST
MGA3-32-OK

Ran some YouTube videos and checked running Flash version

Tested on:
Intel Core i7-2600K Sandy Bridge 3.4GHz LGA 1155
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 Intel Z68 SATA 6Gb/s MoBo
GIGABYTE GV-N440D3-1GI GeForce GT 440 (Fermi)
CORSAIR Vengeance 16GB (4 x 4GB)
Virtualbox-4.2.12-2.mga3.x86-64

CC: (none) => wilcal.int
Whiteboard: MGA2TOO mga2-64-ok => MGA2TOO MGA3-32-OK mga2-64-ok

claire robinson 2013-07-09 20:00:59 CEST

Whiteboard: MGA2TOO MGA3-32-OK mga2-64-ok => MGA2TOO MGA3-32-OK mga2-64-ok mga3-64-ok

Comment 2 William Kenney 2013-07-09 20:02:20 CEST
MGA3-64-OK

Ran some YouTube videos and checked running Flash version

Tested on:
Intel Core i7-2600K Sandy Bridge 3.4GHz LGA 1155
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 Intel Z68 SATA 6Gb/s MoBo
GIGABYTE GV-N440D3-1GI GeForce GT 440 (Fermi)
CORSAIR Vengeance 16GB (4 x 4GB)
Virtualbox-4.2.12-2.mga3.x86-64

Whiteboard: MGA2TOO MGA3-32-OK mga2-64-ok mga3-64-ok => MGA2TOO MGA3-32-OK mga2-64-ok MGA3-64-OK

Comment 3 claire robinson 2013-07-09 20:11:36 CEST
Testing complete mga3 64 & mga2 32

Tested YouTube and Flash Player website, also deleted stored stuff in KDE Flash settings.

claire robinson 2013-07-09 20:11:47 CEST

Whiteboard: MGA2TOO MGA3-32-OK mga2-64-ok MGA3-64-OK => MGA2TOO MGA3-32-OK mga2-64-ok MGA3-64-OK mga2-32-ok

Comment 4 claire robinson 2013-07-09 20:17:13 CEST
Thanks Anssi.

Validating. Advisory uploaded.

Could sysadmin please push from 2 & 3 nonfree/updates_testing to nonfree/updates?

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Thomas Backlund 2013-07-09 20:40:09 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0207.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED