Bug 10742 - Security update request for flash-player-plugin, to 11.2.202.297
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: All Linux
Priority: Normal Severity: normal
Target Milestone: ---
Assigned To: QA Team
QA Contact: Sec team
Whiteboard: MGA2TOO MGA3-32-OK mga2-64-ok MGA3-64...
Keywords: Security, validated_update
Reported: 2013-07-09 19:19 CEST by Anssi Hannula
Modified: 2013-07-09 20:40 CEST
Source RPM: flash-player-plugin

Description Anssi Hannula 2013-07-09 19:19:56 CEST
Advisory:
============
Adobe Flash Player 11.2.202.297 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves a heap buffer overflow vulnerability that could lead to code execution (CVE-2013-3344). 

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-3345). 

This update resolves an integer overflow when resampling a user-supplied PCM buffer (CVE-2013-3347). 

References:
http://www.adobe.com/support/security/bulletins/apsb13-17.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3347
============

Updated Flash Player 11.2.202.297 packages are in mga2+mga3 nonfree/updates_testing as flash-player-plugin and flash-player-plugin-kde.

Source packages:
flash-player-plugin-11.2.202.297-1.mga3.nonfree
flash-player-plugin-11.2.202.297-1.mga2.nonfree

Comment 1 William Kenney 2013-07-09 19:50:08 CEST
MGA3-32-OK

Ran some YouTube videos and checked running Flash version

Tested on:
Intel Core i7-2600K Sandy Bridge 3.4GHz LGA 1155
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 Intel Z68 SATA 6Gb/s MoBo
GIGABYTE GV-N440D3-1GI GeForce GT 440 (Fermi)
CORSAIR Vengeance 16GB (4 x 4GB)
Virtualbox-4.2.12-2.mga3.x86-64

Comment 2 William Kenney 2013-07-09 20:02:20 CEST
MGA3-64-OK

Ran some YouTube videos and checked running Flash version

Tested on:
Intel Core i7-2600K Sandy Bridge 3.4GHz LGA 1155
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 Intel Z68 SATA 6Gb/s MoBo
GIGABYTE GV-N440D3-1GI GeForce GT 440 (Fermi)
CORSAIR Vengeance 16GB (4 x 4GB)
Virtualbox-4.2.12-2.mga3.x86-64

Comment 3 claire robinson 2013-07-09 20:11:36 CEST
Testing complete mga3 64 & mga2 32

Tested YouTube and Flash Player website, also deleted stored stuff in KDE Flash settings.

Comment 4 claire robinson 2013-07-09 20:17:13 CEST
Thanks Anssi.

Validating. Advisory uploaded.

Could sysadmin please push from 2 & 3 nonfree/updates_testing to nonfree/updates?

Thanks!

Comment 5 Thomas Backlund 2013-07-09 20:40:09 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0207.html