Bug 6385

Ok on mga1 x86_64

Component: RPM Packages => Security
Blocks: 6384 => (none)
Whiteboard: (none) => mga1-64-OK,

I tested on mga1 i586 myself, seems to work.

Validating the update.

Could someone from the sysadmin team push the srpm
flash-player-plugin-11.2.202.236-1.mga1.nonfree.src.rpm
from Nonfree Updates Testing to Nonfree Updates.

Note that this update should be pushed at the same time as, or after
the Mageia 2 update, in bug 6384.

Advisory: Adobe Flash Player 11.2.202.236 contains fixes to critical
security vulnerabilites found in earlier versions. These vulnerabilities
could cause a crash and potentially allow an attacker to take control of
the affected system.

This update resolves various memory corruption (CVE-2012-2034, CVE-2012-2037),
stack overflow (CVE-2012-2035), integer overflow (CVE-2012-2036), and null
dereference vulnerabilities (CVE-2012-2039) that could lead to code execution.

This update resolves a security bypass vulnerability that could lead to
information disclosure (CVE-2012-2038).

Additionally, a packaging issue is fixed which prevented XCB version of
libcairo from being used (Mageia bug #5824).

References:
http://www.adobe.com/support/security/bulletins/apsb12-14.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2039
https://bugs.mageia.org/show_bug.cgi?id=5824

https://bugs.mageia.org/show_bug.cgi?id=6385

CC: (none) => davidwhodgins, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: mga1-64-OK, => mga1-64-OK, mga1-32-OK

Update submitted:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0114

CC: (none) => tmb
Status: NEW => RESOLVED
Resolution: (none) => FIXED