Bug 3314

Summary: Update request for flash-player-plugin, to 11.1.102.55
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: RPM PackagesAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: High CC: davidwhodgins, geiger.david68210, pham182b, sysadmin-bugs, tmb
Version: 1Keywords: Security, validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: flash-player-plugin CVE:
Status comment:

Description Anssi Hannula 2011-11-11 01:32:13 CET 
Flash Player 11.1.102.55 has been pushed to mga1 nonfree/updates_testing.

Note that the current packages in nonfree/updates are no longer installable due to Adobe changes, so this requires a speedy update!

Advisory:
============
Adobe Flash Player 11.1.102.55 contains fixes to security vulnerabilities found in earlier versions, plus other fixes and enhancements.

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, CVE-2011-2460).

This update resolves a heap corruption vulnerability that could lead to code execution (CVE-2011-2450).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2456).

This update resolves a stack overflow vulnerability that could lead to code execution (CVE-2011-2457).

References:
http://www.adobe.com/support/security/bulletins/apsb11-28.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2460
============

Updated Flash Player 11.1.102.55 packages are in mga1 nonfree/updates_testing
as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586 and x86_64).

==========
Suggested testing procedure:
==========
Package installs and Flash works.

The current packages in /updates are non-installable, so we need to get this one out ASAP.
Comment 1 Dave Hodgins 2011-11-11 02:36:02 CET 
Testing complete on i586 for the srpm
flash-player-plugin-11.1.102.55-1.mga1.nonfree.src.rpm

Tested using youtube.com and
http://www.adobe.com/software/flash/about/ and youtube.com

Used systemsettings/Network and Conectivity/Adobe Flash Player,
to alter the settings for storage, and camera and mic, to
block all sites.

CC: (none) => davidwhodgins

Comment 2 Luan Pham 2011-11-11 06:17:08 CET 
Testing complete for x86_64 try both on Firefox and Chromium have no problem with site require flash-player like msnbc, YouTube and other without any problem.

CC: (none) => pham182b

Comment 3 David GEIGER 2011-11-11 08:23:00 CET 
Tested on Mageia release 1 (Official) for x86_64 and it work fine too.

I have test with Firefox8 ,Chromium and Konqueror .Any problem to declare.

CC: (none) => geiger.david68210

Comment 4 Dave Hodgins 2011-11-11 09:00:52 CET 
Validating the update.

Can someone from the sysadmin team push the srpm
flash-player-plugin-11.1.102.55-1.mga1.nonfree.src.rpm
from Nonfree Updates Testing to Nonfree Updates

Advisory:
============
Adobe Flash Player 11.1.102.55 contains fixes to security vulnerabilities found
in earlier versions, plus other fixes and enhancements.

This update resolves memory corruption vulnerabilities that could lead to code
execution (CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453,
CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, CVE-2011-2460).

This update resolves a heap corruption vulnerability that could lead to code
execution (CVE-2011-2450).

This update resolves a buffer overflow vulnerability that could lead to code
execution (CVE-2011-2456).

This update resolves a stack overflow vulnerability that could lead to code
execution (CVE-2011-2457).

References:
http://www.adobe.com/support/security/bulletins/apsb11-28.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2460

https://bugs.mageia.org/show_bug.cgi?id=3314

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Thomas Backlund 2011-11-11 20:43:41 CET 
Update pushed.

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED