Advisory:
============

Adobe Flash Player 11.2.202.632 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves a race condition vulnerability that could lead to information disclosure (CVE-2016-4247).

This update resolves type confusion vulnerabilities that could lead to code execution (CVE-2016-4223, CVE-2016-4224, CVE-2016-4225).

This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4248).

This update resolves a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-4249).

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246).

This update resolves a memory leak vulnerability (CVE-2016-4232).

This update resolves stack corruption vulnerabilities that could lead to code execution (CVE-2016-4176, CVE-2016-4177).

This update resolves a security bypass vulnerability that could lead to information disclosure (CVE-2016-4178).

References:
https://helpx.adobe.com/security/products/flash-player/apsb16-25.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4249
============

CVEs: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249

Updated Flash Player packages are in mga5 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.632-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde
testing complete mga5 64

Checked correct version downloaded.
Downloading from http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.632/flash-plugin-11.2.202.632-release.x86_64.rpm:

Tested at https://www.adobe.com/software/flash/about/ which shows correct version info and some flash video content.
Used the thingy in kde system settings to delete local storage.
Whiteboard: (none) => has_procedure mga5-64-ok
Advisory uploaded + good grief @ 52 CVEs
Whiteboard: has_procedure mga5-64-ok => has_procedure advisory mga5-64-ok
Validating. Please push urgently.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0251.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED