Advisory: ============ Adobe Flash Player 11.2.202.332 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution (CVE-2013-5331). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-5332). References: http://helpx.adobe.com/security/products/flash-player/apsb13-28.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5332 ============ Updated Flash Player 11.2.202.332 packages are in mga3 nonfree/updates_testing. Source packages: flash-player-plugin-11.2.202.332-1.mga3.nonfree Binary packages: flash-player-plugin-11.2.202.332-1.mga3.nonfree flash-player-plugin-kde-11.2.202.332-1.mga3.nonfree
No PoC on securityfocus. Updates install, able to change settings in flash player and play videos from YouTube. All OK. My 32 bit system is on an older AMD processor, and can't use the newer flash player plugins, so I'll leave that for someone else to test.
CC: (none) => wrw105Whiteboard: (none) => mga2-64-ok
Severity: normal => critical
Whiteboard: mga2-64-ok => mga3-64-ok
Testing complete mga3 32
Whiteboard: mga3-64-ok => mga3-64-ok mga3-32-ok
Advisory uploaded. Validating. Could sysadmin please push from 3 nonfree/updates_testing to updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Whiteboard: mga3-64-ok mga3-32-ok => mga3-64-ok mga3-32-ok advisory
Update pushed: http://advisories.mageia.org/MGASA-2013-0370.html
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED