Flash Player 11.2.202.236 has been pushed to mga1 nonfree/updates_testing. Advisory: ============ Adobe Flash Player 11.2.202.236 contains fixes to critical security vulnerabilites found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves various memory corruption (CVE-2012-2034, CVE-2012-2037), stack overflow (CVE-2012-2035), integer overflow (CVE-2012-2036), and null dereference vulnerabilities (CVE-2012-2039) that could lead to code execution. This update resolves a security bypass vulnerability that could lead to information disclosure (CVE-2012-2038). Additionally, a packaging issue is fixed which prevented XCB version of libcairo from being used (Mageia bug #5824). References: http://www.adobe.com/support/security/bulletins/apsb12-14.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2034 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2035 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2036 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2037 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2038 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2039 https://bugs.mageia.org/show_bug.cgi?id=5824 ============ Updated Flash Player 11.2.202.236 packages are in mga1 nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586 and x86_64). ========== Suggested testing procedure: ========== Package installs and Flash works.
Blocks: (none) => 6384
Ok on mga1 x86_64
Component: RPM Packages => SecurityBlocks: 6384 => (none)Whiteboard: (none) => mga1-64-OK,
Depends on: (none) => 6384
I tested on mga1 i586 myself, seems to work.
Validating the update. Could someone from the sysadmin team push the srpm flash-player-plugin-11.2.202.236-1.mga1.nonfree.src.rpm from Nonfree Updates Testing to Nonfree Updates. Note that this update should be pushed at the same time as, or after the Mageia 2 update, in bug 6384. Advisory: Adobe Flash Player 11.2.202.236 contains fixes to critical security vulnerabilites found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves various memory corruption (CVE-2012-2034, CVE-2012-2037), stack overflow (CVE-2012-2035), integer overflow (CVE-2012-2036), and null dereference vulnerabilities (CVE-2012-2039) that could lead to code execution. This update resolves a security bypass vulnerability that could lead to information disclosure (CVE-2012-2038). Additionally, a packaging issue is fixed which prevented XCB version of libcairo from being used (Mageia bug #5824). References: http://www.adobe.com/support/security/bulletins/apsb12-14.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2034 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2035 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2036 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2037 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2038 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2039 https://bugs.mageia.org/show_bug.cgi?id=5824 https://bugs.mageia.org/show_bug.cgi?id=6385
CC: (none) => davidwhodgins, sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: mga1-64-OK, => mga1-64-OK, mga1-32-OK
Update submitted: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0114
CC: (none) => tmbStatus: NEW => RESOLVEDResolution: (none) => FIXED