Bug 16970

Summary: Security update request for flash-player-plugin, to 11.2.202.540
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: Security Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: High CC: sysadmin-bugs, tmb, westel
Version: 5 Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA5-64-OK MGA5-32-OK advisory
Source RPM: flash-player-plugin CVE: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648
Status comment:

Description Anssi Hannula 2015-10-16 18:21:18 CEST
Advisory:
============
Adobe Flash Player 11.2.202.540 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves type confusion vulnerabilities that could lead to code execution (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648).

An exploit for CVE-2015-7645 is being used in the wild.

References:
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7648
============

CVEs: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648

Updated Flash Player 11.2.202.540 packages are in mga5 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.540-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde

Comment 1 Thomas Backlund 2015-10-16 23:06:46 CEST
works ok on 64bit

Whiteboard: (none) => MGA5-64-OK
CC: (none) => tmb

Comment 2 Ben McMonagle 2015-10-17 03:12:03 CEST
works ok on 32bit - earthcam hd window + full screen
                    earthcam sd window + full screen

Whiteboard: MGA5-64-OK => MGA5-64-OK, MGA5-32-OK
CC: (none) => westel

Comment 3 David Walser 2015-10-17 04:00:21 CEST
Confirmed working on i586.  Validating now.

Please upload the advisory and push to nonfree/updates.  Thanks.

CC: (none) => sysadmin-bugs
Keywords: Security => validated_update
Whiteboard: MGA5-64-OK, MGA5-32-OK => MGA5-64-OK MGA5-32-OK

Comment 4 Thomas Backlund 2015-10-17 10:46:01 CEST
advisory added

Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisory

Comment 5 Mageia Robot 2015-10-17 10:54:09 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0404.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED