Bug 13520

Summary: Security update request for flash-player-plugin, to 11.2.202.378
Product: Mageia
Reporter: Anssi Hannula <anssi.hannula>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: sysadmin-bugs, tmb
Version: 4
Keywords: Security, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA3TOO advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
Source RPM: flash-player-plugin
CVE: CVE-2014-0531, CVE-2014-0532, CVE-2014-0533, CVE-2014-0534, CVE-2014-0535, CVE-2014-0536
Status comment:

Description Anssi Hannula 2014-06-12 17:28:43 CEST
Advisory:
============
Adobe Flash Player 11.2.202.378 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves cross-site-scripting vulnerabilities (CVE-2014-0531, CVE-2014-0532, CVE-2014-0533).

This update resolves security bypass vulnerabilities (CVE-2014-0534, CVE-2014-0535).

This update resolves a memory corruption vulnerability that could result in arbitrary code execution (CVE-2014-0536).

References:
http://helpx.adobe.com/security/products/flash-player/apsb14-16.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0536
============

Updated Flash Player 11.2.202.378 packages are in mga3+mga4
nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.378-1.mga3.nonfree
flash-player-plugin-11.2.202.378-1.mga4.nonfree

Binary packages:
flash-player-plugin-11.2.202.378-1.mga3.nonfree
flash-player-plugin-kde-11.2.202.378-1.mga3.nonfree
flash-player-plugin-11.2.202.378-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.378-1.mga4.nonfree

Anssi Hannula 2014-06-12 17:28:53 CEST

Whiteboard: (none) => MGA3TOO

Comment 1 claire robinson 2014-06-13 16:44:00 CEST
Testing complete mga4 64

Whiteboard: MGA3TOO => MGA3TOO mga4-64-ok

Comment 2 claire robinson 2014-06-13 17:12:46 CEST
Testing complete mga4 32 and mga3 32 & 64

Validating. Advisory uploaded with correct length lines :)

Could sysadmin please push to 3 & 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA3TOO mga4-64-ok => MGA3TOO advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 3 Thomas Backlund 2014-06-14 00:09:18 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2014-0261.html

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED