Suggested advisory: ============ Adobe Flash Player 11.2.202.346 contains fixes to important vulnerabilities found in earlier versions that could allow a remote attacker to bypass security restrictions or to access sensitive information. This update resolves a vulnerability that could be used to bypass the same origin policy (CVE-2014-0503). This update resolves a vulnerability that could be used to read the contents of the clipboard (CVE-2014-0504). References: http://helpx.adobe.com/security/products/flash-player/apsb14-08.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0503 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0504 ============ Uploaded to mga3+mga4 nonfree/updates_testing: Source packages: flash-player-plugin-11.2.202.346-1.mga3.nonfree flash-player-plugin-11.2.202.346-1.mga4.nonfree Binary packages: flash-player-plugin-11.2.202.346-1.mga3.nonfree flash-player-plugin-kde-11.2.202.346-1.mga3.nonfree flash-player-plugin-11.2.202.346-1.mga4.nonfree flash-player-plugin-kde-11.2.202.346-1.mga4.nonfree P.S. This is the first time I remember Adobe issuing a Flash update classified as only Important instead of Critical... (this is because the security issues do not allow a remote takeover as usual).
No PoC. Tested general use mga4-64. Played Youtube videos, and a flash game. changed settings in KDE panel, all OK. Will test mga3-64 momentarily. Someone else will have to pick up mga3 and 4 32. I have an older AMD processor and newer flash updates don't work on my 32-bit system.
CC: (none) => wrw105Whiteboard: (none) => MGA3TOO mga4-64-ok
I'll do both 32bit now.
Tested mga3-64 as above, all OK.
Whiteboard: MGA3TOO mga4-64-ok => MGA3TOO mga4-64-ok mga3-64-ok
Testing complete mga3 32 & mga4 32
Advisory uploaded. Validating. Could sysadmin please push to 3 & 4 nonfree updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA3TOO mga4-64-ok mga3-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga4-32-ok mga4-64-ok mga3-64-okCC: (none) => sysadmin-bugs
CC: (none) => smorgan
Update pushed: http://advisories.mageia.org/MGASA-2014-0128.html
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED