Bug 11689 - Security update request for flash-player-plugin, to 11.2.202.327
: Security update request for flash-player-plugin, to 11.2.202.327
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 3
: All Linux
: Normal Severity: critical
: ---
Assigned To: QA Team
: Sec team
: http://www.adobe.com/support/security...
: MGA2TOO advisory has_procedure mga2-3...
: Security, validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-11-17 00:25 CET by Anssi Hannula
Modified: 2013-11-18 15:47 CET (History)
3 users (show)

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2013-5329, CVE-2013-5330


Attachments

Description Anssi Hannula 2013-11-17 00:25:54 CET
Advisory:
============
Adobe Flash Player 11.2.202.327 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2013-5329, CVE-2013-5330).

References:
http://www.adobe.com/support/security/bulletins/apsb13-26.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5330
============

Updated Flash Player 11.2.202.327 packages are in mga2+mga3 nonfree/updates_testing as flash-player-plugin and flash-player-plugin-kde.

Source packages:
flash-player-plugin-11.2.202.327-1.mga3.nonfree
flash-player-plugin-11.2.202.327-1.mga2.nonfree
Comment 1 claire robinson 2013-11-17 09:44:43 CET
Could you remember to add rpm list too Anssi please.

rpms are flash-player-plugin and flash-player-plugin-kde
Comment 2 claire robinson 2013-11-17 09:54:34 CET
Testing complete mga2 32

Checked flash plays ok (youtube etc) and correct version is displayed here
https://www.adobe.com/swf/software/flash/about/flashAbout_info_small.swf

Also used flash settings in kde settings to delete all local storage
Comment 3 William Kenney 2013-11-17 17:19:43 CET
In Whiteboard: MGA3-32-OK

In VirtualBox, M3, KDE, 32-bit

Package(s) under test:
flash-player-plugin


Default package installed:
[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-11.2.202.310-1.mga3.nonfree.i586 is already installed
Vidoes play normally on YouTube

Install flash-player-plugin updates from nonfree updates_testing:

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-11.2.202.327-1.mga3.nonfree.i586 is already installed
Vidoes play normally on YouTube

https://www.adobe.com/swf/software/flash/about/flashAbout_info_small.swf
You have version 11,2,202,327 installed


Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm
Comment 4 William Kenney 2013-11-17 17:42:51 CET
In Whiteboard: MGA3-64-OK

In VirtualBox, M3, KDE, 64-bit

Package(s) under test:
flash-player-plugin

Default package installed:
[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-11.2.202.310-1.mga3.nonfree.x86_64 is already installed
https://www.adobe.com/swf/software/flash/about/flashAbout_info_small.swf
You have version 11,2,202,310 installed
Vidoes play normally on YouTube

Install flash-player-plugin updates from nonfree updates_testing:

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-11.2.202.327-1.mga3.nonfree.x86_64 is already installed
https://www.adobe.com/swf/software/flash/about/flashAbout_info_small.swf
You have version 11,2,202,327 installed
Vidoes play normally on YouTube

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm
Comment 5 William Kenney 2013-11-17 18:15:47 CET
In Whiteboard: MGA2-64-OK

In VirtualBox, M2, KDE, 64-bit

Package(s) under test:
flash-player-plugin

Default package installed:
[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-11.2.202.310-1.mga2.nonfree.x86_64 is already installed
https://www.adobe.com/swf/software/flash/about/flashAbout_info_small.swf
You have version 11,2,202,310 installed
Vidoes play normally on YouTube

Install flash-player-plugin updates from nonfree updates_testing:

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-11.2.202.327-1.mga2.nonfree.x86_64 is already installed
https://www.adobe.com/swf/software/flash/about/flashAbout_info_small.swf
You have version 11,2,202,327 installed
Vidoes play normally on YouTube

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm
Comment 6 claire robinson 2013-11-18 10:00:06 CET
Validating. Advisory uploaded.

Could sysadmin please push from 2&3 nonfree/updates_testing to updates

Thanks!
Comment 7 Thomas Backlund 2013-11-18 15:47:49 CET
Update pushed:
http://advisories.mageia.org/MGASA-2013-0328.html

Note You need to log in before you can comment on or make changes to this bug.