Bug 9049 - Security update request for flash-player-plugin, to 11.2.202.270
: Security update request for flash-player-plugin, to 11.2.202.270
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
:
:
: has_procedure mga2-32-ok MGA2-64-OK
: Security, validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-02-12 18:43 CET by Anssi Hannula
Modified: 2013-02-13 01:02 CET (History)
3 users (show)

See Also:
Source RPM: flash-player-plugin
CVE:


Attachments

Description Anssi Hannula 2013-02-12 18:43:58 CET
Flash Player 11.2.202.270 has been pushed to mga2 nonfree/updates_testing.

Advisory:
============
Adobe Flash Player 11.2.202.270 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves buffer overflow vulnerabilities that could lead to code execution (CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-1365, CVE-2013-1368, CVE-2013-0642, CVE-2013-1367). 

This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2013-0649, CVE-2013-1374, CVE-2013-0644).  

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2013-0639).  

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2013-0638, CVE-2013-0647).  

This update resolves a vulnerability that could result in information disclosure (CVE-2013-0637). 

References:
http://www.adobe.com/support/security/bulletins/apsb13-05.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1374
============

Updated Flash Player 11.2.202.270 packages are in mga2 nonfree/updates_testing
as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586 and
x86_64).

==========
Suggested testing procedure:
==========
Package installs and Flash works.
Comment 1 claire robinson 2013-02-12 20:07:23 CET
Testing complete mga2 32

Tested flash works after the update at youtube.com and http://www.adobe.com/software/flash/about/ shows the correct version.

You have version 
11,2,202,270 installed

Used the menu item from flash-player-plugin-kde to delete the local storage.
Comment 2 Bill Wilkinson 2013-02-12 20:33:12 CET
Checked updated version installed (per Claire's comment), played a few levels of a Lemmings game at flashgamesnexus.com 
used menu item from flash-player-plugin-kde to delete local storage.
Comment 3 claire robinson 2013-02-12 22:17:32 CET
This can be validated now Bill please.

Thanks :)
Comment 4 Bill Wilkinson 2013-02-12 22:33:08 CET
Validating.

Advisory and srpms in comment 0. https://bugs.mageia.org/show_bug.cgi?id=9049#c0


Could sysadmin please push from nonfree/updates_testing to nonfree/updates?

Thanks!
Comment 5 Thomas Backlund 2013-02-13 01:02:32 CET
Update pushed;
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0051

Note You need to log in before you can comment on or make changes to this bug.