16139 – Security update request for flash-player-plugin, to 11.2.202.468

Bug 16139 - Security update request for flash-player-plugin, to 11.2.202.468

Summary: Security update request for flash-player-plugin, to 11.2.202.468

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	5
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA4TOO has_procedure advisory MGA4-6...
Keywords:	Security, validated_update

Depends on:
Blocks:

Reported:	2015-06-17 17:02 CEST by Anssi Hannula
Modified:	2015-06-24 07:59 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	flash-player-plugin
CVE:	CVE-2015-3096, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3101, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108, CVE-2015-3113
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Anssi Hannula 2015-06-17 17:02:02 CEST

Advisory:
============
Adobe Flash Player 11.2.202.466 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system.

This update resolves a vulnerability (CVE-2015-3096) that could be exploited to bypass the fix for CVE-2014-5333. 

This update resolves vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102).  

This update resolves a stack overflow vulnerability that could lead to code execution (CVE-2015-3100).

This update resolves a permission issue in the Flash broker for Internet Explorer that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2015-3101).    

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2015-3104).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2015-3105).

This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107).

This update resolves a memory leak vulnerability that could be used to bypass ASLR (CVE-2015-3108). 

References:
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3099                                                                                                                                                                                                            
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3100                                                                                                                                                                                                            
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3101                                                                                                                                                                                                            
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3102                                                                                                                                                                                                            
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3103                                                                                                                                                                                                            
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3104                                                                                                                                                                                                            
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3105                                                                                                                                                                                                            
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3106                                                                                                                                                                                                            
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107                                                                                                                                                                                                            
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3108                                                                                                                                                                                                            
============

Updated Flash Player 11.2.202.466 packages are in mga4 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.466-1.mga4.nonfree

Binary packages:
flash-player-plugin-11.2.202.466-1.mga4.nonfree
flash-player-plugin-kde-11.2.202.466-1.mga4.nonfree

Comment 1 David Walser 2015-06-17 17:14:29 CEST

This also needs to be updated for Mageia 5, but can't be until Mageia 5 SVN is branched.

Comment 2 Bill Wilkinson 2015-06-19 04:50:18 CEST

Tested the usual battery: played videos on youtube, played a game, changed cookie settings in kde panel, all OK. MGA4-64

My 32 bit system apparently needs a new motherboard, so i'm stuck on 64 at this point.

CC: (none) => wrw105
Whiteboard: (none) => mga4-64-ok has_procedure

Comment 3 Anssi Hannula 2015-06-20 13:02:29 CEST

Updated Flash Player 11.2.202.466 packages are now submitted to mga5 nonfree/updates_testing as well, in addition to mga4 that were previously available.

Version: 4 => 5
Whiteboard: mga4-64-ok has_procedure => MGA4TOO mga4-64-ok has_procedure

Comment 4 David Walser 2015-06-20 17:08:07 CEST

Thanks Anssi!

Confirmed working on Mageia 4 i586.

Whiteboard: MGA4TOO mga4-64-ok has_procedure => MGA4TOO mga4-64-ok mga4-32-ok has_procedure

Comment 5 Bill Wilkinson 2015-06-20 18:45:52 CEST

Tested mga5-64 as above.  All OK.

Whiteboard: MGA4TOO mga4-64-ok mga4-32-ok has_procedure => MGA4TOO mga4-64-ok mga4-32-ok has_procedure mga5-64-ok

Comment 6 Dave Hodgins 2015-06-23 22:27:12 CEST

While it does work, as usual another critical security bug has been found, so
there is no point pushing this one as
flash-plugin-11.2.202.468-release.x86_64.rpm
has been released fixing another critical security issue.

CC: (none) => davidwhodgins

Comment 7 Anssi Hannula 2015-06-23 22:38:46 CEST

Adobe has released a new emergency update for an issue that is being exploited in the wild: 11.2.202.468. Please re-test.

Updated advisory:
============
Adobe Flash Player 11.2.202.468 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.

This update resolves a heap buffer overflow vulnerability that could lead to code execution (CVE-2015-3113). 

This update resolves a vulnerability (CVE-2015-3096) that could be exploited to bypass the fix for CVE-2014-5333. 

This update resolves vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102).  

This update resolves a stack overflow vulnerability that could lead to code execution (CVE-2015-3100).

This update resolves a permission issue in the Flash broker for Internet Explorer that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2015-3101).    

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2015-3104).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2015-3105).

This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107).

This update resolves a memory leak vulnerability that could be used to bypass ASLR (CVE-2015-3108).

References:
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3133
============

Updated Flash Player 11.2.202.468 packages are in mga4 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.468-1.mgaX.nonfree

Binary packages:
flash-player-plugin-11.2.202.468-1.mgaX.nonfree
flash-player-plugin-kde-11.2.202.468-1.mgaX.nonfree

CVE: CVE-2015-3096, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3101, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108 => CVE-2015-3096, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3101, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108, CVE-2015-3113
Summary: Security update request for flash-player-plugin, to 11.2.202.466 => Security update request for flash-player-plugin, to 11.2.202.468
Whiteboard: MGA4TOO mga4-64-ok mga4-32-ok has_procedure mga5-64-ok => MGA4TOO has_procedure
Severity: normal => major

Dave Hodgins 2015-06-23 23:51:05 CEST

Whiteboard: MGA4TOO has_procedure => MGA4TOO has_procedure advisory

Comment 8 Dave Hodgins 2015-06-24 00:07:40 CEST

Mageia 4 testing complete. I'll test Mageia 5 shortly.

Whiteboard: MGA4TOO has_procedure advisory => MGA4TOO has_procedure advisory MGA4-64-OK MGA4-32-OK

Comment 9 Dave Hodgins 2015-06-24 00:31:02 CEST

Testing complete.
Someone from the sysadmin team please push 16139.adv to updates (Note, both
Mageia 4 and 5).

Keywords: (none) => validated_update
Whiteboard: MGA4TOO has_procedure advisory MGA4-64-OK MGA4-32-OK => MGA4TOO has_procedure advisory MGA4-64-OK MGA4-32-OK MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs

Comment 10 Mageia Robot 2015-06-24 07:59:03 CEST

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0248.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.