Bug 17127 - Security update request for flash-player-plugin, to 11.2.202.548
Summary: Security update request for flash-player-plugin, to 11.2.202.548
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory MGA5-64-OK MGA5-32-OK
Keywords: Security, validated_update
Depends on:
Blocks:
 
Reported: 2015-11-11 17:14 CET by Anssi Hannula
Modified: 2015-11-11 20:20 CET (History)
2 users (show)

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Anssi Hannula 2015-11-11 17:14:11 CET 
Advisory:
============
Adobe Flash Player 11.2.202.548 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves a type confusion vulnerability that could lead to code execution (CVE-2015-7659).

This update resolves a security bypass vulnerability that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-7662).

This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046).

References:
https://helpx.adobe.com/security/products/flash-player/apsb15-28.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8046
============

CVEs: CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046

Updated Flash Player 11.2.202.548 packages are in mga5 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.548-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde
Dave Hodgins 2015-11-11 18:51:13 CET

CC: (none) => davidwhodgins
Whiteboard: (none) => advisory

Dave Hodgins 2015-11-11 20:13:45 CET

Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs

Comment 1 Mageia Robot 2015-11-11 20:20:39 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0444.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.