Bug 17945

Summary: Security update request for flash-player-plugin, to 11.2.202.577 (0-day)
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: High CC: davidwhodgins, sysadmin-bugs
Version: 5Keywords: Security, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
Whiteboard: MGA5-64-OK advisory
Source RPM: flash-player-plugin CVE: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-1000 CVE-2016-1001 CVE-2016-1005 CVE-2016-1010
Status comment:

Description Anssi Hannula 2016-03-10 17:43:02 CET 
Advisory:
============
Adobe Flash Player 11.2.202.577 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves integer overflow vulnerabilities that could lead to code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).

This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-1000).

This update resolves a heap overflow vulnerability that could lead to code execution (CVE-2016-1001).

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1005).

Adobe reports that an exploit for CVE-2016-1010 is being used in limited, targeted attacks.

References:
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1010
============

CVEs: CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-1000, CVE-2016-1001, CVE-2016-1005, CVE-2016-1010

Updated Flash Player 11.2.202.577 packages are in mga5 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.577-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde
Dave Hodgins 2016-03-10 19:54:15 CET

Keywords: (none) => validated_update
Whiteboard: (none) => MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 1 Mageia Robot 2016-03-11 00:38:27 CET 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0109.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED