13375 – Security update request for flash-player-plugin, to 11.2.202.359

Bug 13375 - Security update request for flash-player-plugin, to 11.2.202.359

Summary: Security update request for flash-player-plugin, to 11.2.202.359

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	4
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA3TOO has_procedure advisory mga4-3...
Keywords:	Security, validated_update

Depends on:
Blocks:

Reported:	2014-05-13 23:45 CEST by Anssi Hannula
Modified:	2014-05-15 00:21 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	flash-player-plugin
CVE:	CVE-2014-0510, CVE-2014-0516, CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Anssi Hannula 2014-05-13 23:45:54 CEST

Advisory:
============
Adobe Flash Player 11.2.202.359 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves a use-after-free vulnerability that could result in arbitrary code execution (CVE-2014-0510).

This update resolves a vulnerability that could be used to bypass the same origin policy (CVE-2014-0516).

This update resolves security bypass vulnerabilities (CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520).

References:
http://helpx.adobe.com/security/products/flash-player/apsb14-14.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0520
============

Updated Flash Player 11.2.202.359 packages are in mga3+mga4
nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.359-1.mga3.nonfree
flash-player-plugin-11.2.202.359-1.mga4.nonfree

Binary packages:
flash-player-plugin-11.2.202.359-1.mga3.nonfree
flash-player-plugin-kde-11.2.202.359-1.mga3.nonfree
flash-player-plugin-11.2.202.359-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.359-1.mga4.nonfree

Anssi Hannula 2014-05-13 23:46:08 CEST

Whiteboard: (none) => MGA3TOO

Comment 1 Bill Wilkinson 2014-05-14 03:57:56 CEST

Tested mga4-64

Youtube videos, flash game, changed settings in kde front end, all OK, no regressions noted.

CC: (none) => wrw105
Whiteboard: MGA3TOO => MGA3TOO mga4-64-ok

Comment 2 Bill Wilkinson 2014-05-14 04:23:41 CEST

Tested mga3-64 as above, no regressions noted.

As my 32 bit system has an older AMD CPU, I am unable to test the 32-bit versions, so I'll leave them to someone else.

Whiteboard: MGA3TOO mga4-64-ok => MGA3TOO mga4-64-ok mga3-64-ok

Comment 3 claire robinson 2014-05-14 09:40:59 CEST

Well done Bill W, testing the others now.

Comment 4 claire robinson 2014-05-14 09:54:32 CEST

Testing complete mga3 32 & mga4 32

Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok => MGA3TOO has_procedure mga4-32-ok mga4-64-ok mga3-32-ok mga3-64-ok

Comment 5 claire robinson 2014-05-14 10:10:41 CEST

Validating. Advisory uploaded.

Could sysadmin please push to 3 & 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga4-32-ok mga4-64-ok mga3-32-ok mga3-64-ok => MGA3TOO has_procedure advisory mga4-32-ok mga4-64-ok mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs

Comment 6 Thomas Backlund 2014-05-15 00:21:46 CEST

Update pushed:
http://advisories.mageia.org/MGASA-2014-0219.html

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.