Bug 14763 - Security update request for flash-player-plugin, to 11.2.202.425
Summary: Security update request for flash-player-plugin, to 11.2.202.425
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://helpx.adobe.com/security/produ...
Whiteboard: has_procedure advisory MGA4-32-OK mga...
Keywords: Security, validated_update
Depends on:
Blocks:
 
Reported: 2014-12-09 18:39 CET by Anssi Hannula
Modified: 2014-12-09 21:13 CET

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164
Status comment:


Description Anssi Hannula 2014-12-09 18:39:20 CET
Advisory:
============
Adobe Flash Player 11.2.202.425 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2014-0587, CVE-2014-9164).

This update resolves a use-after-free vulnerability that could lead to code execution (CVE-2014-8443).

This update resolves a stack-based buffer overflow vulnerability that could lead to code execution (CVE-2014-9163).

This update resolves an information disclosure vulnerability (CVE-2014-9162).

This update resolves a vulnerability that could be exploited to circumvent the same-origin policy (CVE-2014-0580). 

References:
http://helpx.adobe.com/security/products/flash-player/apsb14-27.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9164
============

Updated Flash Player 11.2.202.425 packages are in mga4 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.425-1.mga4.nonfree

Binary packages:
flash-player-plugin-11.2.202.425-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.425-1.mga4.nonfree

Comment 1 David Walser 2014-12-09 19:45:18 CET
Tested successfully Mageia 4 i586.

Whiteboard: (none) => MGA4-32-OK

Comment 2 claire robinson 2014-12-09 20:03:26 CET
Testing complete mga4 64

Ensured flash works with youtube etc. and used the flash settings in kde system settings to delete local storage.

Whiteboard: MGA4-32-OK => MGA4-32-OK mga4-64-ok

Comment 3 claire robinson 2014-12-09 20:07:44 CET
Validating. Advisory uploaded.

Please push to updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: MGA4-32-OK mga4-64-ok => has_procedure advisory MGA4-32-OK mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2014-12-09 21:13:48 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0521.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

