Bug 12581

Summary: Security update request for flash-player-plugin, to 11.2.202.336
Product: Mageia
Reporter: Anssi Hannula <anssi.hannula>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: critical
Priority: High
CC: spm, stormi-mageia, sysadmin-bugs, tmb, wassi
Version: 4
Keywords: Security, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
URL: http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
Whiteboard: advisory has_procedure MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK
Source RPM: flash-player-plugin
CVE: CVE-2014-0497
Status comment:

Description Anssi Hannula 2014-02-04 21:41:45 CET
Advisory:
============
Adobe Flash Player 11.2.202.336 contains a fix to a critical security vulnerability found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system.

This update resolves an integer underflow vulnerability that could be exploited to execute arbitrary code on the affected system (CVE-2014-0497).

Adobe is aware of reports that an exploit for this vulnerability exists in the wild.

References:
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0497
============

Updated Flash Player 11.2.202.336 packages are in mga3+mga4 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.336-1.mga3.nonfree
flash-player-plugin-11.2.202.336-1.mga4.nonfree

Binary packages:
flash-player-plugin-11.2.202.336-1.mga3.nonfree
flash-player-plugin-kde-11.2.202.336-1.mga3.nonfree
flash-player-plugin-11.2.202.336-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.336-1.mga4.nonfree

Samuel Verschelde 2014-02-04 22:01:31 CET

CC: (none) => stormi
Severity: major => critical

Comment 1 Thomas Backlund 2014-02-04 22:59:37 CET
*** Bug 12591 has been marked as a duplicate of this bug. ***

CC: (none) => spm

Comment 2 Rémi Verschelde 2014-02-04 23:39:35 CET
Testing on Mageia 4 x86_64. Everything seems to work as intended. I will report back if I notice anything suspicious.

CC: (none) => remi

Comment 3 Manuel Hiebel 2014-02-04 23:42:15 CET
Looks good here.

Whiteboard: (none) => MGA3TOO mga3-64-ok

Rémi Verschelde 2014-02-04 23:43:20 CET

Whiteboard: MGA3TOO mga3-64-ok => MGA3TOO MGA3-64-OK MGA4-64-OK

Comment 4 Thomas Backlund 2014-02-05 00:06:58 CET
*** Bug 12591 has been marked as a duplicate of this bug. ***

Comment 5 Rémi Verschelde 2014-02-05 13:12:00 CET
Testing complete on Mageia 4 i586. Successfully ran a few Flash-based applications such as the YouTube watcher, random Flash games on the Internet and an Adobe test page[1], both in Firefox and Konqueror.

--
[1] https://helpx.adobe.com/flash-player.html

CC: remi => (none)
Whiteboard: MGA3TOO MGA3-64-OK MGA4-64-OK => MGA3TOO MGA3-64-OK MGA4-32-OK MGA4-64-OK

Comment 6 user7 2014-02-05 13:18:33 CET
Tested on Mageia 3, 32 bits. Everything works fine (tested YouTube + online games). I will report back if I experience any problems.

user7 2014-02-05 13:18:50 CET

CC: (none) => wassi
Whiteboard: MGA3TOO MGA3-64-OK MGA4-32-OK MGA4-64-OK => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK

Comment 7 claire robinson 2014-02-05 14:00:02 CET
Validating. Advisory uploaded.

Could sysadmin please push from 3 & 4 nonfree/updates_testing to updates.

Thanks!

Keywords: (none) => validated_update
Whiteboard: MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK => advisory has_procedure MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs

Comment 8 Thomas Backlund 2014-02-05 16:45:34 CET
Update pushed:
http://advisories.mageia.org/MGASA-2014-0035.html

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED