Bug 12395 - Security update request for flash-player-plugin, to 11.2.202.335
Summary: Security update request for flash-player-plugin, to 11.2.202.335
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: All Linux
Priority: release_blocker normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory mga3-64-OK mga3-32-ok
Keywords: Security, validated_update
Depends on:
Blocks: 11704
Reported: 2014-01-22 18:45 CET by Anssi Hannula
Modified: 2014-01-25 18:52 CET

See Also:
Source RPM: flash-player-plugin
CVE:
Status comment:


Description Anssi Hannula 2014-01-22 18:45:49 CET
Advisory:
============
Adobe Flash Player 11.2.202.335 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves a vulnerability that could be used to bypass Flash Player security protections (CVE-2014-0491).

This update resolves an address leak vulnerability that could be used to defeat memory address layout randomization (CVE-2014-0492).

References:
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0492
============

Updated Flash Player 11.2.202.335 packages are in mga3 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.335-1.mga3.nonfree

Binary packages:
flash-player-plugin-11.2.202.335-1.mga3.nonfree
flash-player-plugin-kde-11.2.202.335-1.mga3.nonfree
Comment 1 Bill Wilkinson 2014-01-23 01:27:52 CET
Tested mga3-64.

Viewed several YouTube videos, changed settings through KDE interface, all OK.

My 32 bit system doesn't work with the latest flash player updates, so someone else will have to check on 32 bit.

CC: (none) => wrw105
Whiteboard: (none) => mga3-64-OK

Comment 2 claire robinson 2014-01-23 09:48:42 CET
Mga3 32 is ok here. Bill, can you give more info please?
claire robinson 2014-01-23 12:40:53 CET

Whiteboard: mga3-64-OK => advisory mga3-64-OK

Comment 3 claire robinson 2014-01-23 13:28:27 CET
Confirmed with Bill that it fails 32bit for him because he "has one of the older AMD processors that doesn't support one of the compile time options"

Validating

Could sysadmin please push from 3 nonfree/updates_testing to updates?

Thanks

Keywords: (none) => validated_update
Whiteboard: advisory mga3-64-OK => advisory mga3-64-OK mga3-32-ok
CC: (none) => sysadmin-bugs

Comment 4 Thomas Backlund 2014-01-24 22:12:46 CET
Update pushed:
http://advisories.mageia.org/MGASA-2014-0029.html

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Comment 5 Samuel Verschelde 2014-01-25 14:53:45 CET
The version in cauldron is lower, missing freeze push?

Priority: Normal => release_blocker
Status: RESOLVED => REOPENED
CC: (none) => stormi
Blocks: (none) => 11704
Resolution: FIXED => (none)

Comment 6 Thomas Backlund 2014-01-25 18:52:02 CET
submitted to cauldron

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED

