Bug 8994 - Security update request for flash-player-plugin, to 11.2.202.262
: Security update request for flash-player-plugin, to 11.2.202.262
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: i586 Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
:
:
: MGA2-64-OK MGA2-32-OK
: Security, validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-02-07 23:38 CET by Anssi Hannula
Modified: 2013-02-08 16:00 CET (History)
4 users (show)

See Also:
Source RPM: flash-player-plugin
CVE:
Status comment:


Attachments

Description Anssi Hannula 2013-02-07 23:38:55 CET
Flash Player 11.2.202.262 has been pushed to mga2 nonfree/updates_testing.

Advisory:
============
Adobe Flash Player 11.2.202.262 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2013-0633).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-0634).

These vulnerabilities are already being exploited in the wild against Windows and Macintosh systems.

References:
http://www.adobe.com/support/security/bulletins/apsb13-04.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0634
============

Updated Flash Player 11.2.202.262 packages are in mga2 nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586 and x86_64).

==========
Suggested testing procedure:
==========
Package installs and Flash works.
Comment 1 Dave Hodgins 2013-02-08 03:21:46 CET
Testing complete on Mageia 2 i586 and x86_64.

Could someone from the sysadmin team push the srpm
flash-player-plugin-11.2.202.262-1.mga2.nonfree.src.rpm
from Mageia 2 Nonfree Updates Testing to Nonfree Updates.

Advisory: Adobe Flash Player 11.2.202.262 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves a buffer overflow vulnerability that could lead to code
execution (CVE-2013-0633).

This update resolves a memory corruption vulnerability that could lead to code
execution (CVE-2013-0634).

These vulnerabilities are already being exploited in the wild against Windows
and Macintosh systems.

References:
http://www.adobe.com/support/security/bulletins/apsb13-04.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0634

https://bugs.mageia.org/show_bug.cgi?id=8994
Comment 2 Manuel Hiebel 2013-02-08 12:32:50 CET
*** Bug 8998 has been marked as a duplicate of this bug. ***
Comment 3 Thomas Backlund 2013-02-08 16:00:23 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0042

Note You need to log in before you can comment on or make changes to this bug.