Flash Player 11.2.202.236 has been pushed to mga2 nonfree/updates_testing. Advisory: ============ Adobe Flash Player 11.2.202.236 contains fixes to critical security vulnerabilites found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves various memory corruption (CVE-2012-2034, CVE-2012-2037), stack overflow (CVE-2012-2035), integer overflow (CVE-2012-2036), and null dereference vulnerabilities (CVE-2012-2039) that could lead to code execution. This update resolves a security bypass vulnerability that could lead to information disclosure (CVE-2012-2038). Additionally, a packaging issue is fixed which prevented XCB version of libcairo from being used (Mageia bug #5824). References: http://www.adobe.com/support/security/bulletins/apsb12-14.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2034 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2035 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2036 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2037 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2038 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2039 https://bugs.mageia.org/show_bug.cgi?id=5824 ============ Updated Flash Player 11.2.202.236 packages are in mga2 nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586 and x86_64). ========== Suggested testing procedure: ========== Package installs and Flash works.
I tested it by wtacching video on Youtube and also by playing to some flash game. It works fine for me. Mageia 2 64-bits
CC: (none) => olivier.delaune
Testing complete for the srpm flash-player-plugin-11.2.202.236-1.mga2.nonfree.src.rpm on Mageia release 2 (Official) for x86_64,it works fine for me too. -Some video on Youtube,dailymotion,pluzz ,etc.... ,ok -Tested flash-player-plugin-kde , ok
CC: (none) => geiger.david68210
Component: RPM Packages => SecurityDepends on: (none) => 6385Whiteboard: (none) => mga2-64-OK,
Depends on: 6385 => (none)
Testing complete i586 mga2 with firefox and chromium-browser. Used global settings in kde to delete the saved data and check for updates. Tested flash video on youtube. Running under strace shows it using /usr/lib/libcairo.so.2 $ urpmq --requires --media Release flash-player-plugin | grep cairo libcairo2 $ urpmq --requires --media Testing flash-player-plugin | grep cairo libcairo.so.2 libpangocairo-1.0.so.0
Validating Could sysadmin please push from mga2 nonfree/updates_testing to nonfree/updates See comment 0 for advisory and srpm Please push this before the mga1 version in bug 6385 Bug 5824 can then be closed as resolved
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsBlocks: (none) => 6385Whiteboard: mga2-64-OK, => mga2-64-OK, mga2-32-OK
Update submitted: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0114
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED