3314 – Update request for flash-player-plugin, to 11.1.102.55

Bug 3314 - Update request for flash-player-plugin, to 11.1.102.55

Summary: Update request for flash-player-plugin, to 11.1.102.55

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	1
Hardware:	i586 Linux

Priority:	High Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:
Keywords:	Security, validated_update

Depends on:
Blocks:

Reported:	2011-11-11 01:32 CET by Anssi Hannula
Modified:	2011-11-11 20:43 CET (History)
CC List:	5 users (show)

See Also:
Source RPM:	flash-player-plugin
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Anssi Hannula 2011-11-11 01:32:13 CET

Flash Player 11.1.102.55 has been pushed to mga1 nonfree/updates_testing.

Note that the current packages in nonfree/updates are no longer installable due to Adobe changes, so this requires a speedy update!

Advisory:
============
Adobe Flash Player 11.1.102.55 contains fixes to security vulnerabilities found in earlier versions, plus other fixes and enhancements.

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, CVE-2011-2460).

This update resolves a heap corruption vulnerability that could lead to code execution (CVE-2011-2450).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2011-2456).

This update resolves a stack overflow vulnerability that could lead to code execution (CVE-2011-2457).

References:
http://www.adobe.com/support/security/bulletins/apsb11-28.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2460
============

Updated Flash Player 11.1.102.55 packages are in mga1 nonfree/updates_testing
as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586 and x86_64).

==========
Suggested testing procedure:
==========
Package installs and Flash works.

The current packages in /updates are non-installable, so we need to get this one out ASAP.

Comment 1 Dave Hodgins 2011-11-11 02:36:02 CET

Testing complete on i586 for the srpm
flash-player-plugin-11.1.102.55-1.mga1.nonfree.src.rpm

Tested using youtube.com and
http://www.adobe.com/software/flash/about/ and youtube.com

Used systemsettings/Network and Conectivity/Adobe Flash Player,
to alter the settings for storage, and camera and mic, to
block all sites.

CC: (none) => davidwhodgins

Comment 2 Luan Pham 2011-11-11 06:17:08 CET

Testing complete for x86_64 try both on Firefox and Chromium have no problem with site require flash-player like msnbc, YouTube and other without any problem.

CC: (none) => pham182b

Comment 3 David GEIGER 2011-11-11 08:23:00 CET

Tested on Mageia release 1 (Official) for x86_64 and it work fine too.

I have test with Firefox8 ,Chromium and Konqueror .Any problem to declare.

CC: (none) => geiger.david68210

Comment 4 Dave Hodgins 2011-11-11 09:00:52 CET

Validating the update.

Can someone from the sysadmin team push the srpm
flash-player-plugin-11.1.102.55-1.mga1.nonfree.src.rpm
from Nonfree Updates Testing to Nonfree Updates

Advisory:
============
Adobe Flash Player 11.1.102.55 contains fixes to security vulnerabilities found
in earlier versions, plus other fixes and enhancements.

This update resolves memory corruption vulnerabilities that could lead to code
execution (CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453,
CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, CVE-2011-2460).

This update resolves a heap corruption vulnerability that could lead to code
execution (CVE-2011-2450).

This update resolves a buffer overflow vulnerability that could lead to code
execution (CVE-2011-2456).

This update resolves a stack overflow vulnerability that could lead to code
execution (CVE-2011-2457).

References:
http://www.adobe.com/support/security/bulletins/apsb11-28.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2460

https://bugs.mageia.org/show_bug.cgi?id=3314

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Thomas Backlund 2011-11-11 20:43:41 CET

Update pushed.

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.