======================================================
Name: CVE-2014-0498
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0498
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20131220
Category:
Reference: CONFIRM:http://helpx.adobe.com/security/products/flash-player/apsb14-07.html

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.

======================================================
Name: CVE-2014-0499
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0499
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20131220
Category:
Reference: CONFIRM:http://helpx.adobe.com/security/products/flash-player/apsb14-07.html

Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.
======================================================
Name: CVE-2014-0502
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0502
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20131220
Category:
Reference: CONFIRM:http://helpx.adobe.com/security/products/flash-player/apsb14-07.html

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

Reproducible:
Steps to Reproduce:
flash-player-plugin-11.2.202.341-1.mga3 and flash-player-plugin-11.2.202.341-1.mga4 have been submitted to nonfree/updates_testing.

flash-player-plugin-11.2.202.341-1.mga5 has been submitted to nonfree/release.
Thanks Oden :)

Assigning to QA.

Suggested advisory:
============
Adobe Flash Player 11.2.202.341 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system.

This update resolves a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0498).

This update resolves a memory leak vulnerability that could be used to defeat memory address layout randomization (CVE-2014-0499).

This update resolves a double free vulnerability that could result in arbitrary code execution (CVE-2014-0502).

Adobe is aware of reports that CVE-2014-0502 is being exploited in the wild.

References:
http://helpx.adobe.com/security/products/flash-player/apsb14-07.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0502
============

Source packages:
flash-player-plugin-11.2.202.341-1.mga3.nonfree
flash-player-plugin-11.2.202.341-1.mga4.nonfree

Binary packages:
flash-player-plugin-11.2.202.341-1.mga3.nonfree
flash-player-plugin-kde-11.2.202.341-1.mga3.nonfree
flash-player-plugin-11.2.202.341-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.341-1.mga4.nonfree
Status: NEW => ASSIGNED
CC: (none) => anssi.hannula
Hardware: i586 => All
CVE: (none) => CVE-2014-0498, CVE-2014-0499, CVE-2014-0502
Version: 3 => 4
Assignee: bugsquad => qa-bugs
Whiteboard: (none) => MGA3TOO
Severity: normal => critical
Testing complete mga3 32

Checked flash videos play ok and deleted all flash storage in kde system settings.
Whiteboard: MGA3TOO => MGA3TOO has_procedure mga3-32-ok
Testing complete mga4 64
CC: (none) => napcok
Whiteboard: MGA3TOO has_procedure mga3-32-ok => MGA3TOO has_procedure mga3-32-ok mga4-64-ok
Testing complete mga3 64
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok
Testing complete mga4 32
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
Validating update, advisory has been uploaded. Please push to 3 & 4 nonfree/updates.
Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok advisory
CC: (none) => remi, sysadmin-bugs
(In reply to Daniel Napora from comment #4)
> Testing complete mga4 64

Confirmed (we played in parallel). FWIW Flash worked for me in Firefox, Opera, Web; but *not* Konqueror.
CC: (none) => lewyssmith
Update pushed: http://advisories.mageia.org/MGASA-2014-0091.html
Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED