7114 – Security update request for flash-player-plugin, to 11.2.202.238

Bug 7114 - Security update request for flash-player-plugin, to 11.2.202.238

Summary: Security update request for flash-player-plugin, to 11.2.202.238

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	2
Hardware:	All Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:	MGA1TOO has_procedure MGA1-32-OK MGA2...
Keywords:	Security, validated_update

Depends on:
Blocks:

Reported:	2012-08-19 21:00 CEST by Anssi Hannula
Modified:	2012-08-21 16:00 CEST (History)
CC List:	5 users (show)

See Also:
Source RPM:
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Anssi Hannula 2012-08-19 21:00:27 CEST

Flash Player 11.2.202.238 has been pushed to mga1+mga2 nonfree/updates_testing.

Advisory:
============
Adobe Flash Player 11.2.202.238 contains a fix to a critical security vulnerability found in earlier versions. This undisclosed vulnerability (CVE-2012-1535) could cause a crash and potentially allow an attacker to take control of the affected system.

References:
http://www.adobe.com/support/security/bulletins/apsb12-18.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1535
============

Updated Flash Player 11.2.202.238 packages are in mga1+mga2 nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586 and x86_64).

==========
Suggested testing procedure:
==========
Package installs and Flash works.

Samuel Verschelde 2012-08-19 21:02:44 CEST

CC: (none) => stormi
Whiteboard: (none) => MGA1TOO has_procedure

Samuel Verschelde 2012-08-19 21:11:43 CEST

Component: RPM Packages => Security
Severity: normal => critical

Comment 1 Samuel Verschelde 2012-08-19 21:12:19 CEST

Works well on Mageia 1 32.

Whiteboard: MGA1TOO has_procedure => MGA1TOO has_procedure MGA1-32-OK

Comment 2 Eduard Beliaev 2012-08-19 21:40:12 CEST

On Mageia 2 x86_64 works well too.

CC: (none) => ed_rus099

Samuel Verschelde 2012-08-19 22:50:29 CEST

Whiteboard: MGA1TOO has_procedure MGA1-32-OK => MGA1TOO has_procedure MGA1-32-OK MGA2-64-OK

Comment 3 Dave Hodgins 2012-08-19 23:39:25 CEST

Testing complete on Mageia 1 x86-64 and Mageia 2 i586.

Could someone from the sysadmin team push the srpm
flash-player-plugin-11.2.202.238-1.mga2.nonfree.src.rpm
from Mageia 2 Nonfree Updates Testing to Nonfree Updates and the srpm
flash-player-plugin-11.2.202.238-1.mga1.nonfree.src.rpm
from Mageia 1 Nonfree Updates Testing to Nonfree Updates.

Advisory: Adobe Flash Player 11.2.202.238 contains a fix to a critical security
vulnerability found in earlier versions. This undisclosed vulnerability
(CVE-2012-1535) could cause a crash and potentially allow an attacker to take
control of the affected system.

References:
http://www.adobe.com/support/security/bulletins/apsb12-18.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1535

https://bugs.mageia.org/show_bug.cgi?id=7114

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: MGA1TOO has_procedure MGA1-32-OK MGA2-64-OK => MGA1TOO has_procedure MGA1-32-OK MGA2-64-OK MGA1-64-OK MGA2-32-OK

Comment 4 Thomas Backlund 2012-08-21 16:00:45 CEST

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0229

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.