Updated Flash Player 11.2.202.559 packages are in mga5 nonfree/updates_testing.

Release notes are not yet available, I'll post an advisory as a comment when they are. I expect the update to fix critical security vulnerabilities as usual.

Source packages:
flash-player-plugin-11.2.202.559-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde
Severity: normal => critical
Testing complete mga5 32

Ensured the correct version was downloaded and installed.
Verified version at http://www.adobe.com/software/flash/about/ and checked flash usage at various other websites.
Deleted local flash storage in kde system settings.
Whiteboard: (none) => has_procedure mga5-32-ok
Testing on mga5-64

Verified version
Confirmed that flash videos and streaming work on several sites
Deleted selected local storage using System Settings module

OK for mga5-64
Whiteboard: has_procedure mga5-32-ok => has_procedure mga5-32-ok MGA5-64-OK
Advisory:
============

Adobe Flash Player 11.2.202.559 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves a type confusion vulnerability that could lead to code execution (CVE-2015-8644).

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2015-8651).

This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650).

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645).

References:
https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8651
============

CVEs: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651
URL: (none) => CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651
URL: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651 => https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
CVE: (none) => CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649,
CVE: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, => 19 CVEs, too many to fit here
This update is now validated
The advisory needs to be uploaded to SVN
The packages can then be pushed to updates
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Thanks guys. Advisory uploaded.
Whiteboard: has_procedure mga5-32-ok MGA5-64-OK => has_procedure advisory mga5-32-ok MGA5-64-OK
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0493.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED