Bug 7749

Summary: Security update request for flash-player-plugin, to 11.2.202.243
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, ed_rus099, geiger.david68210, lemonzest, sysadmin-bugs, tmb, wassi
Version: 2Keywords: Security, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA1TOO, MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK
Source RPM: flash-player-plugin CVE:
Status comment:

Description Anssi Hannula 2012-10-09 18:20:31 CEST 
Flash Player 11.2.202.243 has been pushed to mga1+mga2 nonfree/updates_testing.

Advisory:
============
Adobe Flash Player 11.2.202.243 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

This update resolves various buffer overflow vulnerabilities that could lead to code execution (CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5257, CVE-2012-5259, CVE-2012-5260, CVE-2012-5262, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266).

This update resolves various memory corruption vulnerabilities that could lead to code execution (CVE-2012-5252, CVE-2012-5256, CVE-2012-5258, CVE-2012-5261, CVE-2012-5263, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272).

References:
http://www.adobe.com/support/security/bulletins/apsb12-22.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5272
============

Updated Flash Player 11.2.202.243 packages are in mga1+mga2
nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and
flash-player-plugin-kde (i586 and x86_64).

==========
Suggested testing procedure:
==========
Package installs and Flash works.
Comment 1 David GEIGER 2012-10-09 20:08:09 CEST 
Testing complete for flash-player-plugin-11.2.202.243-1.mga2.nonfree on Mageia release 2 (Official) for x86_64 ,for me it's Ok it works fine and nothing to report.

Ditto for flash-player-plugin-kde-11.2.202.243-1.mga2.nonfree .

Test with several video on Youtube ,Dailymotion ,Pluzz.fr , ......

CC: (none) => geiger.david68210

Eduard Beliaev 2012-10-10 00:12:15 CEST

Whiteboard: (none) => MGA2-64-OK

Comment 2 Eduard Beliaev 2012-10-10 00:48:41 CEST 
Here works too on Mageia 2 x86_64, I will test it in i586.

CC: (none) => ed_rus099

Comment 3 Eduard Beliaev 2012-10-10 03:39:55 CEST 
Tested on Mageia 2 i586, the videos are running well but without sound as I am using an Virtual box install...
Comment 4 Simon Putt 2012-10-10 12:48:56 CEST 
Working well on youtube, 1080p full screen is ok too, hardly any buffering/stutters, plays smooth. sound works fine too.

CC: (none) => lemonzest

user7 2012-10-11 02:37:07 CEST

CC: (none) => wassi
Whiteboard: MGA2-64-OK => MGA1TOO, MGA2-64-OK

Comment 5 Dave Hodgins 2012-10-11 06:19:27 CEST 
Testing complete.

Could someone from the sysadmin team push the srpm
flash-player-plugin-11.2.202.243-1.mga2.nonfree.src.rpm
from Mageia 2 Nonfree Updates Testing to Nonfree Updates and the srpm
flash-player-plugin-11.2.202.243-1.mga1.nonfree.src.rpm
from Mageia 1 Nonfree Updates Testing to Nonfree Updates.

Advisory:
Adobe Flash Player 11.2.202.243 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves various buffer overflow vulnerabilities that could lead to
code execution (CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251,
CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5257, CVE-2012-5259,
CVE-2012-5260, CVE-2012-5262, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266).

This update resolves various memory corruption vulnerabilities that could lead
to code execution (CVE-2012-5252, CVE-2012-5256, CVE-2012-5258, CVE-2012-5261,
CVE-2012-5263, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270,
CVE-2012-5271, CVE-2012-5272).

References:
http://www.adobe.com/support/security/bulletins/apsb12-22.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5272

https://bugs.mageia.org/show_bug.cgi?id=7749

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: MGA1TOO, MGA2-64-OK => MGA1TOO, MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK

Comment 6 Thomas Backlund 2012-10-11 09:34:39 CEST 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0290

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED