Bug 18158

Summary: Security update request for flash-player-plugin, to 11.2.202.616 (0-day)
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: High CC: andrewsfarm, davidwhodgins, sysadmin-bugs, tmb
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
Whiteboard: has_procedure mga5-64-ok mga5-32-ok advisory
Source RPM: flash-player-plugin CVE: 24 CVEs
Status comment:

Description Anssi Hannula 2016-04-07 22:20:17 CEST 
We don't yet have the release notes or security bulletin from Adobe, but I expect the newly posted version to fix CVE-2016-1019 which is being actively exploited on Windows so I've submitted it to testing already.

I'll add the advisory as a comment once Adobe publishes the security bulletin, which I expect to happen within 24 hours.


Updated Flash Player 11.2.202.616 packages are in mga5 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.616-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde
Comment 1 claire robinson 2016-04-07 23:22:42 CEST 
Thanks Anssi. Testing complete mga5 64

Watched flash video (rogue one trailer) and duran duran and deleted flash storage in kde system settings.

Whiteboard: (none) => has_procedure mga5-64-ok

claire robinson 2016-04-07 23:23:16 CEST

Severity: major => critical

Comment 2 Thomas Andrews 2016-04-08 00:47:33 CEST 
Seems to work OK in i586, too.

CC: (none) => andrewsfarm
Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-64-ok mga5-32-ok

Comment 3 David Walser 2016-04-08 00:51:52 CEST 
Confirmed working on Mageia 5 i586.  Validating.

Keywords: Security => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Dave Hodgins 2016-04-08 05:48:04 CEST 
Following advisory added for now, so update can be pushed.

type: security
subject: Updated flash-player-plugin packages fix security vulnerability
src:
  5:
   nonfree:
     - flash-player-plugin-11.2.202.616-1.mga5.nonfree
description: |
  Details to be provided when available.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=18158

CC: (none) => davidwhodgins
Whiteboard: has_procedure mga5-64-ok mga5-32-ok => has_procedure mga5-64-ok mga5-32-ok advisory

Comment 5 Anssi Hannula 2016-04-08 07:55:34 CEST 
Adobe has released a Security Bulletin, so here is a full suggested advisory:

Advisory:
============
Adobe Flash Player 11.2.202.616 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update hardens a mitigation against JIT spraying attacks that could be used to bypass memory layout randomization mitigations (CVE-2016-1006).

This update resolves type confusion vulnerabilities that could lead to code execution (CVE-2016-1015, CVE-2016-1019).

This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, CVE-2016-1031).

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033).

This update resolves a stack overflow vulnerability that could lead to code execution (CVE-2016-1018).

This update resolves a security bypass vulnerability (CVE-2016-1030).

This update resolves a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-1014).

Adobe reports that CVE-2016-1019 is already being actively exploited on Windows systems.

References:
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1033
============

CVEs: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033

URL: https://helpx.adobe.com/security/products/flash-player/apsa16-01.html => https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
CVE: CVE-2016-1019 => 24 CVEs

Comment 6 Thomas Backlund 2016-04-08 08:16:52 CEST 
advisory updated in svn

CC: (none) => tmb

Comment 7 Mageia Robot 2016-04-08 08:17:59 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0134.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED