Bug 12997 - Security update request for flash-player-plugin, to
: Security update request for flash-player-plugin, to
Product: Mageia
Classification: Unclassified
Component: Security
: 4
: All Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
: Sec team
: MGA3TOO has_procedure advisory mga3-3...
: Security, validated_update
  Show dependency treegraph
Reported: 2014-03-11 23:32 CET by Anssi Hannula
Modified: 2014-03-12 17:33 CET (History)
4 users (show)

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2014-0503, CVE-2014-0504
Status comment:


Description Anssi Hannula 2014-03-11 23:32:54 CET
Suggested advisory:
Adobe Flash Player contains fixes to important vulnerabilities found in earlier versions that could allow a remote attacker to bypass security restrictions or to access sensitive information.

This update resolves a vulnerability that could be used to bypass the same origin policy (CVE-2014-0503).

This update resolves a vulnerability that could be used to read the contents of the clipboard (CVE-2014-0504).


Uploaded to mga3+mga4 nonfree/updates_testing:

Source packages:

Binary packages:

P.S. This is the first time I remember Adobe issuing a Flash update classified as only Important instead of Critical... (this is because the security issues do not allow a remote takeover as usual).
Comment 1 Bill Wilkinson 2014-03-12 12:36:57 CET
No PoC. Tested general use mga4-64.

Played Youtube videos, and a flash game. changed settings in KDE panel, all OK.

Will test mga3-64 momentarily.  Someone else will have to pick up mga3 and 4 32. I have an older AMD processor and newer flash updates don't work on my 32-bit system.
Comment 2 claire robinson 2014-03-12 12:47:40 CET
I'll do both 32bit now.
Comment 3 Bill Wilkinson 2014-03-12 13:00:35 CET
Tested mga3-64 as above, all OK.
Comment 4 claire robinson 2014-03-12 13:10:13 CET
Testing complete mga3 32 & mga4 32
Comment 5 claire robinson 2014-03-12 13:17:14 CET
Advisory uploaded. Validating.

Could sysadmin please push to 3 & 4 nonfree updates

Comment 6 Thomas Backlund 2014-03-12 17:33:39 CET
Update pushed:

Note You need to log in before you can comment on or make changes to this bug.