Bug 10742 - Security update request for flash-player-plugin, to 11.2.202.297
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA2TOO MGA3-32-OK mga2-64-ok MGA3-64...
Keywords: Security, validated_update
Depends on:
Blocks:
 
Reported: 2013-07-09 19:19 CEST by Anssi Hannula
Modified: 2013-07-09 20:40 CEST

See Also:
Source RPM: flash-player-plugin
CVE:
Status comment:



Description Anssi Hannula 2013-07-09 19:19:56 CEST
Advisory:
============
Adobe Flash Player 11.2.202.297 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves a heap buffer overflow vulnerability that could lead to code execution (CVE-2013-3344). 

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-3345). 

This update resolves an integer overflow when resampling a user-supplied PCM buffer (CVE-2013-3347). 

References:
http://www.adobe.com/support/security/bulletins/apsb13-17.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3347
============

Updated Flash Player 11.2.202.297 packages are in mga2+mga3 nonfree/updates_testing as flash-player-plugin and flash-player-plugin-kde.

Source packages:
flash-player-plugin-11.2.202.297-1.mga3.nonfree
flash-player-plugin-11.2.202.297-1.mga2.nonfree

Manuel Hiebel 2013-07-09 19:24:25 CEST

Whiteboard: (none) => MGA2TOO mga2-64-ok

Comment 1 William Kenney 2013-07-09 19:50:08 CEST
MGA3-32-OK

Ran some YouTube videos and checked running Flash version

Tested on:
Intel Core i7-2600K Sandy Bridge 3.4GHz LGA 1155
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 Intel Z68 SATA 6Gb/s MoBo
GIGABYTE GV-N440D3-1GI GeForce GT 440 (Fermi)
CORSAIR Vengeance 16GB (4 x 4GB)
Virtualbox-4.2.12-2.mga3.x86-64

CC: (none) => wilcal.int
Whiteboard: MGA2TOO mga2-64-ok => MGA2TOO MGA3-32-OK mga2-64-ok

claire robinson 2013-07-09 20:00:59 CEST

Whiteboard: MGA2TOO MGA3-32-OK mga2-64-ok => MGA2TOO MGA3-32-OK mga2-64-ok mga3-64-ok

Comment 2 William Kenney 2013-07-09 20:02:20 CEST
MGA3-64-OK

Ran some YouTube videos and checked running Flash version

Tested on:
Intel Core i7-2600K Sandy Bridge 3.4GHz LGA 1155
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 Intel Z68 SATA 6Gb/s MoBo
GIGABYTE GV-N440D3-1GI GeForce GT 440 (Fermi)
CORSAIR Vengeance 16GB (4 x 4GB)
Virtualbox-4.2.12-2.mga3.x86-64

Whiteboard: MGA2TOO MGA3-32-OK mga2-64-ok mga3-64-ok => MGA2TOO MGA3-32-OK mga2-64-ok MGA3-64-OK

Comment 3 claire robinson 2013-07-09 20:11:36 CEST
Testing complete mga3 64 & mga2 32

Tested YouTube and the Flash Player website, also deleted stored stuff in KDE Flash settings.

claire robinson 2013-07-09 20:11:47 CEST

Whiteboard: MGA2TOO MGA3-32-OK mga2-64-ok MGA3-64-OK => MGA2TOO MGA3-32-OK mga2-64-ok MGA3-64-OK mga2-32-ok

Comment 4 claire robinson 2013-07-09 20:17:13 CEST
Thanks Anssi.

Validating. Advisory uploaded.

Could sysadmin please push from 2 & 3 nonfree/updates_testing to nonfree/updates?

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Thomas Backlund 2013-07-09 20:40:09 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0207.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

