Advisory:
============
Adobe Flash Player 11.2.202.440 contains a fix to a critical unspecified security vulnerability found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system (CVE-2015-0311).
Adobe reports that this vulnerability is already being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows.
References:
http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0311
============
NOTE: There are no release notes from Adobe available yet. If those are released (at http://blogs.adobe.com/psirt/ ) before this update is pushed, the advisory can be updated with more details.
Updated Flash Player 11.2.202.440 packages are in mga4 nonfree/updates_testing.
Source packages:
flash-player-plugin-11.2.202.440-1.mga4.nonfree
Binary packages:
flash-player-plugin-11.2.202.440-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.440-1.mga4.nonfree
The submitted 1.mga4.nonfree pkgs had a bug in the download URL section, submitted fixed packages now:
Source packages:
flash-player-plugin-11.2.202.440-1.1.mga4.nonfree
Binary packages:
flash-player-plugin-11.2.202.440-1.1.mga4.nonfree
flash-player-plugin-kde-11.2.202.440-1.1.mga4.nonfree
Testing complete mga4 32
Whiteboard: (none) => mga4-32-ok
Advisory uploaded. I added http://blogs.adobe.com/psirt/ as a reference for now.
Whiteboard: mga4-32-ok => advisory mga4-32-ok
Testing complete mga4 64 https flash video from youtube. https://www.adobe.com/software/flash/about/ version check. Deleted local storage with kde system settings.
Keywords: (none) => validated_update
Whiteboard: advisory mga4-32-ok => advisory has_procedure mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs
Validating. Please push to 4 updates.
Adobe has released a new bulletin. This version also contains another security fix.
Updated suggested advisory:
============
Adobe Flash Player 11.2.202.440 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe reports that CVE-2015-0311 is already being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows.
This update resolves a use-after-free vulnerability that could lead to code execution (CVE-2015-0311).
This update resolves a double-free vulnerability that could lead to code execution (CVE-2015-0312).
references:
- https://bugs.mageia.org/show_bug.cgi?id=15136
- http://helpx.adobe.com/security/products/flash-player/apsb15-03.html
============
CVE: CVE-2015-0311 => CVE-2015-0311, CVE-2015-0312
Thanks. Removing advisory tag from whiteboard until it's updated in SVN.
Whiteboard: advisory has_procedure mga4-32-ok mga4-64-ok => has_procedure mga4-32-ok mga4-64-ok
Advisory updated in svn.
Whiteboard: has_procedure mga4-32-ok mga4-64-ok => has_procedure advisory mga4-32-ok mga4-64-ok
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0043.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED