Bug 14456

Summary: Security update request for flash-player-plugin, to 11.2.202.411
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: Security Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: geiger.david68210, olchal, pterjan, rverschelde, sysadmin-bugs
Version: 4 Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
Whiteboard: MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK advisory
Source RPM: flash-player-plugin CVE: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
Status comment:
Bug Depends on: 14506    
Bug Blocks:    

Description Anssi Hannula 2014-11-04 17:57:34 CET
Advisory:
============
Adobe Flash Player 11.2.202.411 contains fixes to critical security 
vulnerabilities found in earlier versions that could potentially allow an 
attacker to take control of the affected system.

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2014-0564, CVE-2014-0558).

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2014-0569).

References:
http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0569
============

Updated Flash Player 11.2.202.411 packages are in mga3+mga4
nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.411-1.mga3.nonfree
flash-player-plugin-11.2.202.411-1.mga4.nonfree

Binary packages:
flash-player-plugin-11.2.202.411-1.mga3.nonfree
flash-player-plugin-kde-11.2.202.411-1.mga3.nonfree
flash-player-plugin-11.2.202.411-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.411-1.mga4.nonfree

Anssi Hannula 2014-11-04 17:57:48 CET

Whiteboard: (none) => MGA3TOO

Comment 1 David Walser 2014-11-04 20:16:25 CET
Tested successfully on Mageia 3 i586 and Mageia 4 i586.

Whiteboard: MGA3TOO => MGA3TOO MGA3-32-OK MGA4-32-OK

Comment 2 David GEIGER 2014-11-07 07:35:55 CET
Tested mga4_64,

Testing complete for the new flash-player-plugin-11.2.202.411-1.mga4.nonfree. OK for me, and all flash-player tests seem to work properly.

flash-player-plugin-11.2.202.411-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.411-1.mga4.nonfree

CC: (none) => geiger.david68210
Whiteboard: MGA3TOO MGA3-32-OK MGA4-32-OK => MGA3TOO MGA3-32-OK MGA4-32-OK MGA4-64-OK

Comment 3 Rémi Verschelde 2014-11-07 17:30:49 CET
Advisory uploaded.

CC: (none) => remi
Whiteboard: MGA3TOO MGA3-32-OK MGA4-32-OK MGA4-64-OK => MGA3TOO MGA3-32-OK MGA4-32-OK MGA4-64-OK advisory

Comment 4 olivier charles 2014-11-07 22:01:11 CET
Tested on Mageia3-64,

Before:

You have version 11,2,202,406 installed

Updated testing packages:
- flash-player-plugin-11.2.202.411-1.mga3.nonfree.x86_64
- flash-player-plugin-kde-11.2.202.411-1.mga3.nonfree.x86_64

Verified on Adobe test:

You have version 11,2,202,411 installed

Ran 2 other tests found on web
https://helpx.adobe.com/flash-player.html
http://www.scottsdaleaz.gov/traffic/roundabouts/test001

which showed flashplayer working and updated version installed.

CC: (none) => olchal
Whiteboard: MGA3TOO MGA3-32-OK MGA4-32-OK MGA4-64-OK advisory => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK advisory

Comment 5 David Walser 2014-11-07 23:38:07 CET
Sysadmins, please push this to Mageia 3 and Mageia 4 nonfree/updates.

Keywords: Security => validated_update
CC: (none) => sysadmin-bugs

Comment 6 Pascal Terjan 2014-11-14 02:19:40 CET
I guess this is obsoleted by https://bugs.mageia.org/show_bug.cgi?id=14506 ?

CC: (none) => pterjan

Comment 7 Pascal Terjan 2014-11-14 02:34:45 CET
(Also I wonder why this bug was originally not listed by bugzilla, then appeared after I had started publishing 14506, then disappeared again from the search...)

Comment 8 David Walser 2014-11-14 02:42:08 CET
This is now fixed:
http://advisories.mageia.org/MGASA-2014-0448.html

Depends on: (none) => 14506

Comment 9 David Walser 2014-11-14 04:41:20 CET
Oops, forgot to mark it as FIXED.

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED