Bug 13375 - Security update request for flash-player-plugin, to 11.2.202.359
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA3TOO has_procedure advisory mga4-3...
Keywords: Security, validated_update
Depends on:
Blocks:
 
Reported: 2014-05-13 23:45 CEST by Anssi Hannula
Modified: 2014-05-15 00:21 CEST

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2014-0510, CVE-2014-0516, CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520
Status comment:



Description Anssi Hannula 2014-05-13 23:45:54 CEST
Advisory:
============
Adobe Flash Player 11.2.202.359 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves a use-after-free vulnerability that could result in arbitrary code execution (CVE-2014-0510).

This update resolves a vulnerability that could be used to bypass the same origin policy (CVE-2014-0516).

This update resolves security bypass vulnerabilities (CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520).

References:
http://helpx.adobe.com/security/products/flash-player/apsb14-14.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0520
============

Updated Flash Player 11.2.202.359 packages are in mga3+mga4
nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.359-1.mga3.nonfree
flash-player-plugin-11.2.202.359-1.mga4.nonfree

Binary packages:
flash-player-plugin-11.2.202.359-1.mga3.nonfree
flash-player-plugin-kde-11.2.202.359-1.mga3.nonfree
flash-player-plugin-11.2.202.359-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.359-1.mga4.nonfree

Anssi Hannula 2014-05-13 23:46:08 CEST

Whiteboard: (none) => MGA3TOO

Comment 1 Bill Wilkinson 2014-05-14 03:57:56 CEST
Tested mga4-64

YouTube videos, flash game, changed settings in KDE front end, all OK, no regressions noted.

CC: (none) => wrw105
Whiteboard: MGA3TOO => MGA3TOO mga4-64-ok

Comment 2 Bill Wilkinson 2014-05-14 04:23:41 CEST
Tested mga3-64 as above, no regressions noted.

As my 32 bit system has an older AMD CPU, I am unable to test the 32-bit versions, so I'll leave them to someone else.

Whiteboard: MGA3TOO mga4-64-ok => MGA3TOO mga4-64-ok mga3-64-ok

Comment 3 claire robinson 2014-05-14 09:40:59 CEST
Well done Bill W, testing the others now.

Comment 4 claire robinson 2014-05-14 09:54:32 CEST
Testing complete mga3 32 & mga4 32

Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok => MGA3TOO has_procedure mga4-32-ok mga4-64-ok mga3-32-ok mga3-64-ok

Comment 5 claire robinson 2014-05-14 10:10:41 CEST
Validating. Advisory uploaded.

Could sysadmin please push to 3 & 4 updates?

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga4-32-ok mga4-64-ok mga3-32-ok mga3-64-ok => MGA3TOO has_procedure advisory mga4-32-ok mga4-64-ok mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs

Comment 6 Thomas Backlund 2014-05-15 00:21:46 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2014-0219.html

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

