Bug 7749 - Security update request for flash-player-plugin, to 11.2.202.243
: Security update request for flash-player-plugin, to 11.2.202.243
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
:
:
: MGA1TOO, MGA2-64-OK MGA2-32-OK MGA1-6...
: Security, validated_update
:
:
  Show dependency treegraph
 
Reported: 2012-10-09 18:20 CEST by Anssi Hannula
Modified: 2012-10-11 09:34 CEST (History)
7 users (show)

See Also:
Source RPM: flash-player-plugin
CVE:


Attachments

Description Anssi Hannula 2012-10-09 18:20:31 CEST
Flash Player 11.2.202.243 has been pushed to mga1+mga2 nonfree/updates_testing.

Advisory:
============
Adobe Flash Player 11.2.202.243 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

This update resolves various buffer overflow vulnerabilities that could lead to code execution (CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5257, CVE-2012-5259, CVE-2012-5260, CVE-2012-5262, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266).

This update resolves various memory corruption vulnerabilities that could lead to code execution (CVE-2012-5252, CVE-2012-5256, CVE-2012-5258, CVE-2012-5261, CVE-2012-5263, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272).

References:
http://www.adobe.com/support/security/bulletins/apsb12-22.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5272
============

Updated Flash Player 11.2.202.243 packages are in mga1+mga2
nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and
flash-player-plugin-kde (i586 and x86_64).

==========
Suggested testing procedure:
==========
Package installs and Flash works.
Comment 1 David GEIGER 2012-10-09 20:08:09 CEST
Testing complete for flash-player-plugin-11.2.202.243-1.mga2.nonfree on Mageia release 2 (Official) for x86_64 ,for me it's Ok it works fine and nothing to report.

Ditto for flash-player-plugin-kde-11.2.202.243-1.mga2.nonfree .

Test with several video on Youtube ,Dailymotion ,Pluzz.fr , ......
Comment 2 Eduard Beliaev 2012-10-10 00:48:41 CEST
Here works too on Mageia 2 x86_64, I will test it in i586.
Comment 3 Eduard Beliaev 2012-10-10 03:39:55 CEST
Tested on Mageia 2 i586, the videos are running well but without sound as I am using an Virtual box install...
Comment 4 Simon Putt 2012-10-10 12:48:56 CEST
Working well on youtube, 1080p full screen is ok too, hardly any buffering/stutters, plays smooth. sound works fine too.
Comment 5 Dave Hodgins 2012-10-11 06:19:27 CEST
Testing complete.

Could someone from the sysadmin team push the srpm
flash-player-plugin-11.2.202.243-1.mga2.nonfree.src.rpm
from Mageia 2 Nonfree Updates Testing to Nonfree Updates and the srpm
flash-player-plugin-11.2.202.243-1.mga1.nonfree.src.rpm
from Mageia 1 Nonfree Updates Testing to Nonfree Updates.

Advisory:
Adobe Flash Player 11.2.202.243 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves various buffer overflow vulnerabilities that could lead to
code execution (CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251,
CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5257, CVE-2012-5259,
CVE-2012-5260, CVE-2012-5262, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266).

This update resolves various memory corruption vulnerabilities that could lead
to code execution (CVE-2012-5252, CVE-2012-5256, CVE-2012-5258, CVE-2012-5261,
CVE-2012-5263, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270,
CVE-2012-5271, CVE-2012-5272).

References:
http://www.adobe.com/support/security/bulletins/apsb12-22.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5272

https://bugs.mageia.org/show_bug.cgi?id=7749
Comment 6 Thomas Backlund 2012-10-11 09:34:39 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0290

Note You need to log in before you can comment on or make changes to this bug.