Bug 12581 - Security update request for flash-player-plugin, to 11.2.202.336
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: All Linux
Priority: High
Severity: critical
Target Milestone: ---
Assigned To: QA Team
QA Contact: Sec team
URL: http://helpx.adobe.com/security/produ...
Whiteboard: advisory has_procedure MGA3TOO MGA3-3...
Keywords: Security, validated_update
Reported: 2014-02-04 21:41 CET by Anssi Hannula
Modified: 2014-02-05 16:45 CET (History)

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2014-0497
Status comment:


Description Anssi Hannula 2014-02-04 21:41:45 CET
Advisory:
============
Adobe Flash Player 11.2.202.336 contains a fix to a critical security vulnerability found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system.

This update resolves an integer underflow vulnerability that could be exploited to execute arbitrary code on the affected system (CVE-2014-0497).

Adobe is aware of reports that an exploit for this vulnerability exists in the wild.

References:
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0497
============

Updated Flash Player 11.2.202.336 packages are in mga3+mga4 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.336-1.mga3.nonfree
flash-player-plugin-11.2.202.336-1.mga4.nonfree

Binary packages:
flash-player-plugin-11.2.202.336-1.mga3.nonfree
flash-player-plugin-kde-11.2.202.336-1.mga3.nonfree
flash-player-plugin-11.2.202.336-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.336-1.mga4.nonfree
Comment 1 Thomas Backlund 2014-02-04 22:59:37 CET
*** Bug 12591 has been marked as a duplicate of this bug. ***
Comment 2 Rémi Verschelde 2014-02-04 23:39:35 CET
Testing on Mageia 4 x86_64. Everything seems to work as intended. I will report back if I notice anything suspicious.
Comment 3 Manuel Hiebel 2014-02-04 23:42:15 CET
looks good here
Comment 4 Thomas Backlund 2014-02-05 00:06:58 CET
*** Bug 12591 has been marked as a duplicate of this bug. ***
Comment 5 Rémi Verschelde 2014-02-05 13:12:00 CET
Testing complete on Mageia 4 i586. Successfully ran a few flash-based applications such as the Youtube watcher, random flash games on the Internet and an Adobe test page[1], both in Firefox and Konqueror.

--
[1] https://helpx.adobe.com/flash-player.html
Comment 6 user7 2014-02-05 13:18:33 CET
Tested on Mageia 3, 32 bits. Everything works fine (tested youtube + online games). I will report back if I experience any problems.
Comment 7 claire robinson 2014-02-05 14:00:02 CET
Validating. Advisory uploaded.

Could sysadmin please push from 3 & 4 nonfree/updates_testing to updates.

Thanks!
Comment 8 Thomas Backlund 2014-02-05 16:45:34 CET
Update pushed:
http://advisories.mageia.org/MGASA-2014-0035.html
