Advisory:
============

Adobe Flash Player 11.2.202.621 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves type confusion vulnerabilities that could lead to code execution (CVE-2016-1105, CVE-2016-4117).

This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110).

This update resolves a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-1101).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2016-1103).

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115).

This update resolves a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-4116).

Adobe reports that an exploit for CVE-2016-4117 exists in the wild.

References:
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4117
============

CVEs: CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117

Updated Flash Player packages are in mga5 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.621-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde
Working fine on Mageia 5 i586.
Whiteboard: (none) => MGA5-32-OK
Testing complete mga5 64

Checked flash over https and used the applet in kde system settings to delete local storage.
Whiteboard: MGA5-32-OK => MGA5-32-OK mga5-64-ok
Keywords: (none) => validated_update
Whiteboard: MGA5-32-OK mga5-64-ok => MGA5-32-OK mga5-64-ok advisory
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0173.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED