8363 – Security update request for flash-player-plugin, to 11.2.202.258

Bug 8363 - Security update request for flash-player-plugin, to 11.2.202.258

Summary: Security update request for flash-player-plugin, to 11.2.202.258

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	2
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:	MGA2-64-OK MGA2-32-OK
Keywords:	Security, validated_update

Depends on:
Blocks:

Reported:	2012-12-11 20:45 CET by Anssi Hannula
Modified:	2013-01-03 17:11 CET (History)
CC List:	4 users (show)

See Also:
Source RPM:	flash-player-plugin
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Anssi Hannula 2012-12-11 20:45:07 CET

Flash Player 11.2.202.258 has been pushed to mga2 nonfree/updates_testing.

Advisory:
============
Adobe Flash Player 11.2.202.258 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-5676). 

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2012-5677).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2012-5678).

References:
http://www.adobe.com/support/security/bulletins/apsb12-27.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5678
============

Updated Flash Player 11.2.202.258 packages are in mga2
nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and
flash-player-plugin-kde (i586 and x86_64).

==========
Suggested testing procedure:
==========
Package installs and Flash works.

Comment 1 Dave Hodgins 2012-12-11 21:38:22 CET

Testing complete on Mageia 2 i586 an x86-64.

Could someone from the sysadmin team push the srpm
flash-player-plugin-11.2.202.258-1.mga2.nonfree.src.rpm
from Mageia 2 Nonfree Updates Testing to Nonfree Updates.

Advisory: Adobe Flash Player 11.2.202.258 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves a buffer overflow vulnerability that could lead to code
execution (CVE-2012-5676). 

This update resolves an integer overflow vulnerability that could lead to code
execution (CVE-2012-5677).

This update resolves a memory corruption vulnerability that could lead to code
execution (CVE-2012-5678).

References:
http://www.adobe.com/support/security/bulletins/apsb12-27.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5678

https://bugs.mageia.org/show_bug.cgi?id=8363

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK

Comment 2 Thomas Backlund 2012-12-11 22:32:33 CET

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0361

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Comment 3 David Walser 2013-01-03 17:11:12 CET

Update checked into Mageia 1 SVN.

CC: (none) => luigiwalser

Note You need to log in before you can comment on or make changes to this bug.