Bug 17945 - Security update request for flash-player-plugin, to 11.2.202.577 (0-day)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: High major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://helpx.adobe.com/security/prod...
Whiteboard: MGA5-64-OK advisory
Keywords: Security, validated_update
Depends on:
Blocks:
 
Reported: 2016-03-10 17:43 CET by Anssi Hannula
Modified: 2016-03-11 00:38 CET

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-1000 CVE-2016-1001 CVE-2016-1005 CVE-2016-1010
Status comment:



Description Anssi Hannula 2016-03-10 17:43:02 CET
Advisory:
============
Adobe Flash Player 11.2.202.577 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves integer overflow vulnerabilities that could lead to code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).

This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-1000).

This update resolves a heap overflow vulnerability that could lead to code execution (CVE-2016-1001).

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1005).

Adobe reports that an exploit for CVE-2016-1010 is being used in limited, targeted attacks.

References:
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1010
============

CVEs: CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-1000, CVE-2016-1001, CVE-2016-1005, CVE-2016-1010

Updated Flash Player 11.2.202.577 packages are in mga5 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.577-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde

Dave Hodgins 2016-03-10 19:54:15 CET

Keywords: (none) => validated_update
Whiteboard: (none) => MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 1 Mageia Robot 2016-03-11 00:38:27 CET
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0109.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

