Bug 15116

Summary: Update request for flash-player-plugin, to 11.2.202.438
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: Normal CC: sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://helpx.adobe.com/security/products/flash-player/apsb15-02.html
Whiteboard: has_procedure advisory mga4-32-ok mga4-64-ok
Source RPM: flash-player-plugin CVE:
Status comment:

Description Anssi Hannula 2015-01-22 18:58:20 CET 
Advisory:
============
Adobe Flash Player 11.2.202.438 contains a fix to a memory leak.

The memory leak could be used circumvent memory address randomization on the Windows platform (CVE-2015-0310) and is being exploited in the wild on that platform, but Adobe has not reported that this memory leak would be exploitable on Linux.

References:
http://helpx.adobe.com/security/products/flash-player/apsb15-02.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0310
============

Since there does not seem to be security implications on Linux, I've made this a non-security update.


Updated Flash Player 11.2.202.438 packages are in mga4 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.438-1.mga4.nonfree

Binary packages:
flash-player-plugin-11.2.202.438-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.438-1.mga4.nonfree
Comment 1 claire robinson 2015-01-23 13:55:38 CET 
Let's give this greater priority.

Testing now..

Component: RPM Packages => Security
Severity: normal => major

Comment 2 claire robinson 2015-01-23 14:33:29 CET 
Testing complete mga4 32 and 64

flash video from several sites including over https, used kde system settings to delete all flash storage. Hardware acceleration in use. Viewed settings in the right click menu when flash video playing.

Whiteboard: (none) => has_procedure mga4-32-ok mga4-64-ok

Comment 3 claire robinson 2015-01-23 18:09:38 CET 
Validating. Bugfix advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-32-ok mga4-64-ok => has_procedure advisory mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2015-01-24 15:32:40 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGAA-2015-0008.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED