Bug 5152 - flash security update to version 11.2.202.228 (CVE-2012-0772, CVE-2012-0773)
Summary: flash security update to version 11.2.202.228 (CVE-2012-0772, CVE-2012-0773)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 1
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: http://get.adobe.com/flashplayer/
Whiteboard:
Keywords: Security, validated_update
Depends on:
Blocks:
 
Reported: 2012-03-29 01:44 CEST by Dave Hodgins
Modified: 2012-04-03 05:10 CEST (History)
4 users (show)

See Also:
Source RPM: flash-player-plugin-10.3.181.34-0.1.mga1.nonfree.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Dave Hodgins 2012-03-29 01:44:10 CEST 
Adobe has released Security Bulletin APSB12-07 to address critical vulnerabilities (CVE-2012-0772, CVE-2012-0773) in Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x.
Remco Rijnders 2012-03-29 07:37:27 CEST

Keywords: (none) => Security
Assignee: bugsquad => anssi.hannula

Comment 1 Anssi Hannula 2012-03-29 22:46:04 CEST 
Flash Player 11.2.202.228 has been pushed to mga1 nonfree/updates_testing.

Advisory:
============
Adobe Flash Player 11.1.102.63 contains a fix to a critical security
vulnerability found in earlier versions. This vulnerability could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves a memory corruption vulnerability in the NetStream class that could lead to code execution (CVE-2012-0773).

References:
http://www.adobe.com/support/security/bulletins/apsb12-07.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0773
============

Note: CVE-2012-0772 is omitted above as it is a Windows-only issue.

Updated Flash Player 11.2.202.228 packages are in mga1 nonfree/updates_testing
as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586 and
x86_64).

==========
Suggested testing procedure:
==========
Package installs and Flash works.

Status: NEW => ASSIGNED
CC: (none) => anssi.hannula
Hardware: i586 => All
Version: Cauldron => 1
Assignee: anssi.hannula => qa-bugs

Comment 2 Dave Hodgins 2012-03-29 23:19:16 CEST 
Testing on i586 complete for the srpm
flash-player-plugin-11.2.202.228-1.mga1.nonfree.src.rpm

Testing using http://www.adobe.com/software/flash/about/
youtube, and menu/tools/more/Adobe flash player.
Comment 3 Olivier Delaune 2012-03-30 07:31:13 CEST 
Hello,
Testing on 64-bits system.
flash-player-plugin-11.2.202.228-1.mga1.nonfree.x86_64.rpm

Testing using http://www.adobe.com/software/flash/about/ and youtube.

CC: (none) => olivier.delaune

Comment 4 Dave Hodgins 2012-03-30 09:10:11 CEST 
Validating the update

Could someone from the sysadmin team push the srpm
flash-player-plugin-11.2.202.228-1.mga1.nonfree.src.rpm
from Nonfree Updates Testing to Nonfree Updates.

Advisory: Adobe Flash Player 11.1.102.63 contains a fix to a critical security
vulnerability found in earlier versions. This vulnerability could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves a memory corruption vulnerability in the NetStream class
that could lead to code execution (CVE-2012-0773).

References:
http://www.adobe.com/support/security/bulletins/apsb12-07.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0773

https://bugs.mageia.org/show_bug.cgi?id=5152

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Thomas Backlund 2012-04-03 05:10:05 CEST 
Update pushed

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.