Advisory: ============ Adobe Flash Player 11.2.202.635 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2016-4287). This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932). This update resolves security bypass vulnerabilities that could lead to information disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278). This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924). References: https://helpx.adobe.com/security/products/flash-player/apsb16-29.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4271 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4272 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4274 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4278 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4279 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4280 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4282 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4283 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4284 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4285 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6921 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6922 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6923 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6924 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6925 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6926 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6927 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6929 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6930 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6931 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6932 ============ CVEs: CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932 Updated Flash Player packages have been submitted to mga5 nonfree/updates_testing. Source packages: flash-player-plugin-11.2.202.635-1.mga5.nonfree Binary packages: flash-player-plugin flash-player-plugin-kde
Working fine Mageia 5 i586.
Whiteboard: (none) => MGA5-32-OK
Played a game and viewed video mga5-64. Validating. Ready for push when advisory uploaded to svn.
Keywords: Security => validated_updateWhiteboard: MGA5-32-OK => MGA5-32-OK mga5-64-okCC: (none) => wrw105, sysadmin-bugs
Advisory added to svn
CC: (none) => davidwhodginsWhiteboard: MGA5-32-OK mga5-64-ok => MGA5-32-OK mga5-64-ok advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0315.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
Summary: Security update request for flash-player-plugin, to 11.2.202.632 => Security update request for flash-player-plugin, to 11.2.202.635