Bug 8006

Summary: Security update request for flash-player-plugin, to 11.2.202.251
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, tmb
Version: 2Keywords: Security, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK
Source RPM: flash-player-plugin CVE:
Status comment:

Description Anssi Hannula 2012-11-07 00:29:06 CET 
Flash Player 11.2.202.251 has been pushed to mga1+mga2 nonfree/updates_testing.

Advisory:
============
Adobe Flash Player 11.2.202.251 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves buffer overflow vulnerabilities that could lead to code execution (CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280).

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2012-5279).

This update resolves a security bypass vulnerability that could lead to code execution (CVE-2012-5278).

References:
http://www.adobe.com/support/security/bulletins/apsb12-24.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5280
============

Updated Flash Player 11.2.202.251 packages are in mga1+mga2
nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and
flash-player-plugin-kde (i586 and x86_64).

==========
Suggested testing procedure:
==========
Package installs and Flash works.
Comment 1 Dave Hodgins 2012-11-07 03:42:52 CET 
Testing complete, Mageia 1 and 2, i586 and x86-64.

Could someone from the sysadmin team push the srpm
flash-player-plugin-11.2.202.251-1.mga2.nonfree.src.rpm
from Mageia 2 Nonfree Updates Testing to Nonfree Updates and the srpm
flash-player-plugin-11.2.202.251-1.mga1.nonfree.src.rpm
from Mageia 1 Nonfree Updates Testing to Nonfree Updates.

Advisory: Adobe Flash Player 11.2.202.251 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves buffer overflow vulnerabilities that could lead to code
execution (CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277,
CVE-2012-5280).

This update resolves memory corruption vulnerabilities that could lead to code
execution (CVE-2012-5279).

This update resolves a security bypass vulnerability that could lead to code
execution (CVE-2012-5278).

References:
http://www.adobe.com/support/security/bulletins/apsb12-24.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5280

https://bugs.mageia.org/show_bug.cgi?id=8006

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK

Comment 2 Thomas Backlund 2012-11-07 11:25:54 CET 
Update pushed
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0325

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED