Bug 15697 - Security update request for flash-player-plugin, to 11.2.202.457
Summary: Security update request for flash-player-plugin, to 11.2.202.457
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 4
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA4-32-OK mga4-64-ok advisory
Keywords: Security, validated_update
Depends on:
Blocks:
 
Reported: 2015-04-14 21:00 CEST by Anssi Hannula
Modified: 2015-04-15 11:02 CEST (History)
2 users (show)

See Also:
Source RPM: flash-player-plugin
CVE:
Status comment:


Attachments

Description Anssi Hannula 2015-04-14 21:00:55 CEST
Advisory:
============
Adobe Flash Player 11.2.202.457 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system.

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043). 

This update resolves a type confusion vulnerability that could lead to code execution (CVE-2015-0356). 

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2015-0348). 

This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039). 

This update resolves double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359). 

This update resolves memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040).  

This update resolves a security bypass vulnerability that could lead to information disclosure (CVE-2015-3044). 

References:
https://helpx.adobe.com/security/products/flash-player/apsb15-06.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0354
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0355
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044
============

Updated Flash Player 11.2.202.457 packages are in mga4 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.457-1.mga4.nonfree

Binary packages:
flash-player-plugin-11.2.202.457-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.457-1.mga4.nonfree
Comment 1 David Walser 2015-04-15 01:11:27 CEST
Working fine Mageia 4 i586.

Whiteboard: (none) => MGA4-32-OK

Comment 2 Bill Wilkinson 2015-04-15 05:24:02 CEST
tested mga4-64

played a video, played flash game, changed a setting in KDE interface, all OK.

Validating. Ready for push when advisory uploaded to svn.

Keywords: (none) => validated_update
Whiteboard: MGA4-32-OK => MGA4-32-OK mga4-64-ok
CC: (none) => wrw105, sysadmin-bugs

Comment 3 claire robinson 2015-04-15 10:04:27 CEST
Advisory uploaded.

Whiteboard: MGA4-32-OK mga4-64-ok => MGA4-32-OK mga4-64-ok advisory

Comment 4 Mageia Robot 2015-04-15 11:02:36 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0155.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.