Flash Player 11.2.202.270 has been pushed to mga2 nonfree/updates_testing. Advisory: ============ Adobe Flash Player 11.2.202.270 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves buffer overflow vulnerabilities that could lead to code execution (CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-1365, CVE-2013-1368, CVE-2013-0642, CVE-2013-1367). This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2013-0649, CVE-2013-1374, CVE-2013-0644). This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2013-0639). This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2013-0638, CVE-2013-0647). This update resolves a vulnerability that could result in information disclosure (CVE-2013-0637). References: http://www.adobe.com/support/security/bulletins/apsb13-05.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0637 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0638 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1365 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1366 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1367 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1368 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1369 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1372 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1374 ============ Updated Flash Player 11.2.202.270 packages are in mga2 nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586 and x86_64). ========== Suggested testing procedure: ========== Package installs and Flash works.
Summary: Security update request for flash-player-plugin, to 11.2.202.262 => Security update request for flash-player-plugin, to 11.2.202.270
Testing complete mga2 32 Tested flash works after the update at youtube.com and http://www.adobe.com/software/flash/about/ shows the correct version. You have version 11,2,202,270 installed Used the menu item from flash-player-plugin-kde to delete the local storage.
Whiteboard: (none) => has_procedure mga2-32-ok
Checked updated version installed (per Claire's comment), played a few levels of a Lemmings game at flashgamesnexus.com used menu item from flash-player-plugin-kde to delete local storage.
CC: (none) => wrw105Whiteboard: has_procedure mga2-32-ok => has_procedure mga2-32-ok MGA2-64-OK
This can be validated now Bill please. Thanks :)
Validating. Advisory and srpms in comment 0. https://bugs.mageia.org/show_bug.cgi?id=9049#c0 Could sysadmin please push from nonfree/updates_testing to nonfree/updates? Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Update pushed; https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0051
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED