7749 – Security update request for flash-player-plugin, to 11.2.202.243

Bug 7749 - Security update request for flash-player-plugin, to 11.2.202.243

Summary: Security update request for flash-player-plugin, to 11.2.202.243

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	2
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:	MGA1TOO, MGA2-64-OK MGA2-32-OK MGA1-6...
Keywords:	Security, validated_update

Depends on:
Blocks:

Reported:	2012-10-09 18:20 CEST by Anssi Hannula
Modified:	2012-10-11 09:34 CEST (History)
CC List:	7 users (show)

See Also:
Source RPM:	flash-player-plugin
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Anssi Hannula 2012-10-09 18:20:31 CEST

Flash Player 11.2.202.243 has been pushed to mga1+mga2 nonfree/updates_testing.

Advisory:
============
Adobe Flash Player 11.2.202.243 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

This update resolves various buffer overflow vulnerabilities that could lead to code execution (CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5257, CVE-2012-5259, CVE-2012-5260, CVE-2012-5262, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266).

This update resolves various memory corruption vulnerabilities that could lead to code execution (CVE-2012-5252, CVE-2012-5256, CVE-2012-5258, CVE-2012-5261, CVE-2012-5263, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272).

References:
http://www.adobe.com/support/security/bulletins/apsb12-22.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5272
============

Updated Flash Player 11.2.202.243 packages are in mga1+mga2
nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and
flash-player-plugin-kde (i586 and x86_64).

==========
Suggested testing procedure:
==========
Package installs and Flash works.

Comment 1 David GEIGER 2012-10-09 20:08:09 CEST

Testing complete for flash-player-plugin-11.2.202.243-1.mga2.nonfree on Mageia release 2 (Official) for x86_64 ,for me it's Ok it works fine and nothing to report.

Ditto for flash-player-plugin-kde-11.2.202.243-1.mga2.nonfree .

Test with several video on Youtube ,Dailymotion ,Pluzz.fr , ......

CC: (none) => geiger.david68210

Eduard Beliaev 2012-10-10 00:12:15 CEST

Whiteboard: (none) => MGA2-64-OK

Comment 2 Eduard Beliaev 2012-10-10 00:48:41 CEST

Here works too on Mageia 2 x86_64, I will test it in i586.

CC: (none) => ed_rus099

Comment 3 Eduard Beliaev 2012-10-10 03:39:55 CEST

Tested on Mageia 2 i586, the videos are running well but without sound as I am using an Virtual box install...

Comment 4 Simon Putt 2012-10-10 12:48:56 CEST

Working well on youtube, 1080p full screen is ok too, hardly any buffering/stutters, plays smooth. sound works fine too.

CC: (none) => lemonzest

user7 2012-10-11 02:37:07 CEST

CC: (none) => wassi
Whiteboard: MGA2-64-OK => MGA1TOO, MGA2-64-OK

Comment 5 Dave Hodgins 2012-10-11 06:19:27 CEST

Testing complete.

Could someone from the sysadmin team push the srpm
flash-player-plugin-11.2.202.243-1.mga2.nonfree.src.rpm
from Mageia 2 Nonfree Updates Testing to Nonfree Updates and the srpm
flash-player-plugin-11.2.202.243-1.mga1.nonfree.src.rpm
from Mageia 1 Nonfree Updates Testing to Nonfree Updates.

Advisory:
Adobe Flash Player 11.2.202.243 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves various buffer overflow vulnerabilities that could lead to
code execution (CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251,
CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5257, CVE-2012-5259,
CVE-2012-5260, CVE-2012-5262, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266).

This update resolves various memory corruption vulnerabilities that could lead
to code execution (CVE-2012-5252, CVE-2012-5256, CVE-2012-5258, CVE-2012-5261,
CVE-2012-5263, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270,
CVE-2012-5271, CVE-2012-5272).

References:
http://www.adobe.com/support/security/bulletins/apsb12-22.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5272

https://bugs.mageia.org/show_bug.cgi?id=7749

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: MGA1TOO, MGA2-64-OK => MGA1TOO, MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK

Comment 6 Thomas Backlund 2012-10-11 09:34:39 CEST

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0290

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.