Advisory: ============ Adobe Flash Player 11.2.202.394 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update includes additional validation checks to ensure that Flash Player rejects malicious content from vulnerable JSONP callback APIs (CVE-2014-4671). This update resolves security bypass vulnerabilities (CVE-2014-0537, CVE-2014-0539). References: http://helpx.adobe.com/security/products/flash-player/apsb14-17.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0539 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4671 ============ Updated Flash Player 11.2.202.394 packages are in mga3+mga4 nonfree/updates_testing. Source packages: flash-player-plugin-11.2.202.394-1.mga3.nonfree flash-player-plugin-11.2.202.394-1.mga4.nonfree Binary packages: flash-player-plugin-11.2.202.394-1.mga3.nonfree flash-player-plugin-kde-11.2.202.394-1.mga3.nonfree flash-player-plugin-11.2.202.394-1.mga4.nonfree flash-player-plugin-kde-11.2.202.394-1.mga4.nonfree
Whiteboard: (none) => MGA3TOO
Mga3 32-bit seems fine, TrainStation game on Facebook loads fine after update and various items on BBC website OK. Carolyn
CC: (none) => cmrisoldeWhiteboard: MGA3TOO => MGA3TOO MGA3-32-OK
No problems encountered with Mga4 32-bit either. Carolyn
Whiteboard: MGA3TOO MGA3-32-OK => MGA3TOO MGA3-32-OK MGA4-32-OK
Testing complete mga3 64 and mga4 64 Played various flash videos and deleted local storage using the flash player utility in kde system settings. Validating. Advisory uploaded. Could sysadmin please push to 3 & 4 nonfree updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA3TOO MGA3-32-OK MGA4-32-OK => MGA3TOO has_procedure advisory MGA3-32-OK mga3-64-ok MGA4-32-OK mga4-64-okCC: (none) => sysadmin-bugs
http://advisories.mageia.org/MGASA-2014-0291.html
Status: ASSIGNED => RESOLVEDCC: (none) => pterjanResolution: (none) => FIXED