Bug 12581 - Security update request for flash-player-plugin, to 11.2.202.336
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: All Linux
Priority: High critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://helpx.adobe.com/security/produ...
Whiteboard: advisory has_procedure MGA3TOO MGA3-3...
Keywords: Security, validated_update
Duplicates: 12591
Depends on:
Blocks:
 
Reported: 2014-02-04 21:41 CET by Anssi Hannula
Modified: 2014-02-05 16:45 CET

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2014-0497
Status comment:



Description Anssi Hannula 2014-02-04 21:41:45 CET
Advisory:
============
Adobe Flash Player 11.2.202.336 contains a fix to a critical security vulnerability found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system.

This update resolves an integer underflow vulnerability that could be exploited to execute arbitrary code on the affected system (CVE-2014-0497).

Adobe is aware of reports that an exploit for this vulnerability exists in the wild.

References:
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0497
============

Updated Flash Player 11.2.202.336 packages are in mga3+mga4 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.336-1.mga3.nonfree
flash-player-plugin-11.2.202.336-1.mga4.nonfree

Binary packages:
flash-player-plugin-11.2.202.336-1.mga3.nonfree
flash-player-plugin-kde-11.2.202.336-1.mga3.nonfree
flash-player-plugin-11.2.202.336-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.336-1.mga4.nonfree

Samuel Verschelde 2014-02-04 22:01:31 CET

CC: (none) => stormi
Severity: major => critical

Comment 1 Thomas Backlund 2014-02-04 22:59:37 CET
*** Bug 12591 has been marked as a duplicate of this bug. ***

CC: (none) => spm

Comment 2 Rémi Verschelde 2014-02-04 23:39:35 CET
Testing on Mageia 4 x86_64. Everything seems to work as intended. I will report back if I notice anything suspicious.

CC: (none) => remi

Comment 3 Manuel Hiebel 2014-02-04 23:42:15 CET
Looks good here.

Whiteboard: (none) => MGA3TOO mga3-64-ok

Rémi Verschelde 2014-02-04 23:43:20 CET

Whiteboard: MGA3TOO mga3-64-ok => MGA3TOO MGA3-64-OK MGA4-64-OK

Comment 4 Thomas Backlund 2014-02-05 00:06:58 CET
*** Bug 12591 has been marked as a duplicate of this bug. ***

Comment 5 Rémi Verschelde 2014-02-05 13:12:00 CET
Testing complete on Mageia 4 i586. Successfully ran a few Flash-based applications such as the YouTube watcher, random Flash games on the Internet and an Adobe test page[1], both in Firefox and Konqueror.

--
[1] https://helpx.adobe.com/flash-player.html

CC: remi => (none)
Whiteboard: MGA3TOO MGA3-64-OK MGA4-64-OK => MGA3TOO MGA3-64-OK MGA4-32-OK MGA4-64-OK

Comment 6 user7 2014-02-05 13:18:33 CET
Tested on Mageia 3, 32 bits. Everything works fine (tested YouTube + online games). I will report back if I experience any problems.

user7 2014-02-05 13:18:50 CET

CC: (none) => wassi
Whiteboard: MGA3TOO MGA3-64-OK MGA4-32-OK MGA4-64-OK => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK

Comment 7 claire robinson 2014-02-05 14:00:02 CET
Validating. Advisory uploaded.

Could sysadmin please push from 3 & 4 nonfree/updates_testing to updates.

Thanks!

Keywords: (none) => validated_update
Whiteboard: MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK => advisory has_procedure MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs

Comment 8 Thomas Backlund 2014-02-05 16:45:34 CET
Update pushed:
http://advisories.mageia.org/MGASA-2014-0035.html

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

