Bug 2805

Summary: Update request for flash-player-plugin, to 10.3.183.10
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: RPM PackagesAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, olivier.delaune, sysadmin-bugs
Version: 1Keywords: Security, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: flash-player-plugin CVE:
Status comment:

Description Anssi Hannula 2011-09-22 02:46:09 CEST 
Flash Player 10.3.183.10 has been pushed to mga1 nonfree/updates_testing.

Advisory:
============
Adobe Flash Player 10.3.183.10 contains fixes to critical security vulnerabilities found in 10.3.183.7 and earlier versions.

Several of the issues can cause a crash and may allow an attacker to take control of the affected system (CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430).

A universal cross-site scripting issue can be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444). This issue is reportedly already being exploited in targeted attacks.

A Flash Player security control bypass issue can lead to information disclosure (CVE-2011-2429).

References:
http://www.adobe.com/support/security/bulletins/apsb11-26.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2444
============

Updated Flash Player 10.3.183.10 packages are in mga1 nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586).
Comment 1 Dave Hodgins 2011-09-22 03:45:47 CEST 
Testing complete on i586.

Tested systemsettings/Adobe Flash player,
http://www.adobe.com/software/flash/about/
and http://www.youtube.com in both firefox and opera.

CC: (none) => davidwhodgins

Comment 2 Dave Hodgins 2011-09-22 04:00:10 CEST 
I should have noted the srpm is
flash-player-plugin-10.3.183.10-1.mga1.nonfree.src.rpm
Comment 3 Olivier Delaune 2011-09-22 09:11:39 CEST 
Tested on 64-bits. Looks ok with firefox.

CC: (none) => olivier.delaune

Comment 4 Dave Hodgins 2011-09-22 09:21:42 CEST 
Update validated.

Can someone from the sysadmin team push the srpm
flash-player-plugin-10.3.183.10-1.mga1.nonfree.src.rpm
from Nonfree Updates Testing to Nonfree Updates.

Advisory:
Adobe Flash Player 10.3.183.10 contains fixes to critical security
vulnerabilities found in 10.3.183.7 and earlier versions.

Several of the issues can cause a crash and may allow an attacker to take
control of the affected system (CVE-2011-2426, CVE-2011-2427, CVE-2011-2428,
CVE-2011-2430).

A universal cross-site scripting issue can be used to take actions on a user's
behalf on any website or webmail provider if the user visits a malicious
website (CVE-2011-2444). This issue is reportedly already being exploited in
targeted attacks.

A Flash Player security control bypass issue can lead to information disclosure
(CVE-2011-2429).

References:
http://www.adobe.com/support/security/bulletins/apsb11-26.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2444

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Nicolas Vigier 2011-09-23 21:56:03 CEST 
pushed to updates.

Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED

Nicolas Vigier 2014-05-08 18:06:44 CEST

CC: boklm => (none)