Mageia Bugzilla – Bug 12997
Security update request for flash-player-plugin, to 22.214.171.1246
Last modified: 2014-03-12 17:33:39 CET
Adobe Flash Player 126.96.36.1996 contains fixes to important vulnerabilities found in earlier versions that could allow a remote attacker to bypass security restrictions or to access sensitive information.
This update resolves a vulnerability that could be used to bypass the same origin policy (CVE-2014-0503).
This update resolves a vulnerability that could be used to read the contents of the clipboard (CVE-2014-0504).
Uploaded to mga3+mga4 nonfree/updates_testing:
P.S. This is the first time I remember Adobe issuing a Flash update classified as only Important instead of Critical... (this is because the security issues do not allow a remote takeover as usual).
No PoC. Tested general use mga4-64.
Played Youtube videos, and a flash game. changed settings in KDE panel, all OK.
Will test mga3-64 momentarily. Someone else will have to pick up mga3 and 4 32. I have an older AMD processor and newer flash updates don't work on my 32-bit system.
I'll do both 32bit now.
Tested mga3-64 as above, all OK.
Testing complete mga3 32 & mga4 32
Advisory uploaded. Validating.
Could sysadmin please push to 3 & 4 nonfree updates