Bug 15116 - Update request for flash-player-plugin, to 11.2.202.438
Summary: Update request for flash-player-plugin, to 11.2.202.438
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 4
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: http://helpx.adobe.com/security/produ...
Whiteboard: has_procedure advisory mga4-32-ok mga...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-01-22 18:58 CET by Anssi Hannula
Modified: 2015-01-24 15:32 CET (History)
1 user (show)

See Also:
Source RPM: flash-player-plugin
CVE:
Status comment:


Attachments

Description Anssi Hannula 2015-01-22 18:58:20 CET
Advisory:
============
Adobe Flash Player 11.2.202.438 contains a fix to a memory leak.

The memory leak could be used circumvent memory address randomization on the Windows platform (CVE-2015-0310) and is being exploited in the wild on that platform, but Adobe has not reported that this memory leak would be exploitable on Linux.

References:
http://helpx.adobe.com/security/products/flash-player/apsb15-02.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0310
============

Since there does not seem to be security implications on Linux, I've made this a non-security update.


Updated Flash Player 11.2.202.438 packages are in mga4 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.438-1.mga4.nonfree

Binary packages:
flash-player-plugin-11.2.202.438-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.438-1.mga4.nonfree
Comment 1 claire robinson 2015-01-23 13:55:38 CET
Let's give this greater priority.

Testing now..

Component: RPM Packages => Security
Severity: normal => major

Comment 2 claire robinson 2015-01-23 14:33:29 CET
Testing complete mga4 32 and 64

flash video from several sites including over https, used kde system settings to delete all flash storage. Hardware acceleration in use. Viewed settings in the right click menu when flash video playing.

Whiteboard: (none) => has_procedure mga4-32-ok mga4-64-ok

Comment 3 claire robinson 2015-01-23 18:09:38 CET
Validating. Bugfix advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-32-ok mga4-64-ok => has_procedure advisory mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2015-01-24 15:32:40 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGAA-2015-0008.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.