Bug 18720

Summary: Security update request for flash-player-plugin, to 11.2.202.626 (0-day)
Product: Mageia
Reporter: Anssi Hannula <anssi.hannula>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: major
Priority: High
CC: sysadmin-bugs, tmb
Version: 5
Keywords: validated_update
Target Milestone: ---
Hardware: All
OS: Linux
URL: https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
Whiteboard: has_procedure mga5-32-ok mga5-64-ok advisory
Source RPM: flash-player-plugin
CVE: 36 CVEs, too many to fit here, listed in description
Status comment:

Description Anssi Hannula 2016-06-16 22:47:58 CEST
Advisory:
============
Adobe Flash Player 11.2.202.626 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves type confusion vulnerabilities that could lead to code execution (CVE-2016-4144, CVE-2016-4149).

This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148).

This update resolves heap buffer overflow vulnerabilities that could lead to code execution (CVE-2016-4135, CVE-2016-4136, CVE-2016-4138).

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171).

This update resolves a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-4140).

This update resolves a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2016-4139). 

Adobe reports that an exploit for CVE-2016-4171 exists in the wild.

References:
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4171

============

CVEs: CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171

Updated Flash Player packages are in mga5 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.626-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde

Comment 1 Anssi Hannula 2016-06-16 22:52:22 CEST
The submitted package had an incorrect changelog and I've submitted a new package to mga5 testing:

flash-player-plugin-11.2.202.626-1.1.mga5.nonfree

Comment 2 claire robinson 2016-06-16 23:59:00 CEST
Testing complete mga5 64

https://helpx.adobe.com/flash-player.html & video on bbc.co.uk in firefox

Checked correct version being installed.
"Downloading from http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.626/flash-plugin-11.2.202.626-release.x86_64.rpm:"

Whiteboard: (none) => has_procedure mga5-64-ok

Comment 3 David Walser 2016-06-17 02:19:11 CEST
Testing complete Mageia 5 i586.

Tested Adobe's flash test page and a music video on vimeo.com (since YouTube seems to only want to use the HTML5 player with no sound now).

Keywords: Security => validated_update
Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok
CC: (none) => sysadmin-bugs

Comment 4 Thomas Backlund 2016-06-17 07:51:38 CEST
advisory added

CC: (none) => tmb
Whiteboard: has_procedure mga5-32-ok mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok advisory

Comment 5 Mageia Robot 2016-06-17 07:58:54 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0228.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED