Bug 9194 - Multiple vulnerabilities in Adobe Flash Player (CVE-2013-0504, CVE-2013-0643, CVE-2013-0648)
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: i586 Linux
Priority: Normal Severity: normal
Target Milestone: ---
Assigned To: QA Team
QA Contact: Sec team
Whiteboard: MGA2-64-OK MGA2-32-OK
Keywords: validated_update
 
Reported: 2013-02-27 09:57 CET by Oden Eriksson
Modified: 2013-02-27 22:18 CET (History)

Description Oden Eriksson 2013-02-27 09:57:54 CET
======================================================
Name: CVE-2013-0504
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0504
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121216
Category: 
Reference: CONFIRM:http://www.adobe.com/support/security/bulletins/apsb13-08.html

Buffer overflow in the broker service in Adobe Flash Player before
10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and
before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows
attackers to execute arbitrary code via unspecified vectors.



======================================================
Name: CVE-2013-0643
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0643
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121218
Category: 
Reference: CONFIRM:http://www.adobe.com/support/security/bulletins/apsb13-08.html

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x
before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67
and 11.x before 11.2.202.273 on Linux, does not properly restrict
privileges, which makes it easier for remote attackers to execute
arbitrary code via crafted SWF content, as exploited in the wild in
February 2013.



======================================================
Name: CVE-2013-0648
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0648
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121218
Category: 
Reference: CONFIRM:http://www.adobe.com/support/security/bulletins/apsb13-08.html

Unspecified vulnerability in the ExternalInterface ActionScript
functionality in Adobe Flash Player before 10.3.183.67 and 11.x before
11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x
before 11.2.202.273 on Linux, allows remote attackers to execute
arbitrary code via crafted SWF content, as exploited in the wild in
February 2013.


Comment 1 Oden Eriksson 2013-02-27 10:02:11 CET
11.2.202.273 has been submitted to mga2, nonfree/updates_testing and to cauldron.

Someone has to submit it to cauldron, I will ask guillomovitch to do it.
Comment 2 Manuel Hiebel 2013-02-27 11:22:29 CET
*** Bug 9192 has been marked as a duplicate of this bug. ***
Comment 3 Oden Eriksson 2013-02-27 11:42:40 CET
guillomovitch has just submitted 11.2.202.273 to cauldron, so fixed there.
Comment 4 David Walser 2013-02-27 15:17:40 CET
Please don't forget to assign bugs to QA when they're ready for testing.
Comment 5 claire robinson 2013-02-27 15:50:49 CET
installing flash-player-plugin-11.2.202.273-1.1.mga2.nonfree.i586.rpm flash-player-plugin-kde-11.2.202.273-1.1.mga2.nonfree.i586.rpm from /var/cache/urpmi/rpms
Preparing...                     ###############################################
Note that by downloading the Adobe Flash Player you indicate your acceptance of
the EULA, available at http://www.adobe.com/products/eulas/players/flash/
Downloading from http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.273/flash-plugin-11.2.202.273-release.i386.rpm:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 6740k  100 6740k    0     0  1895k      0  0:00:03  0:00:03 --:--:-- 1926k
Error: Unable to download Flash Player. This is likely due to this package
       being too old. Please file a bug report at https://bugs.mageia.org
       so that the package gets updated. Thank you.

       In the meantime, you can download Flash Player manually from
       http://get.adobe.com/flashplayer/
error: %pre(flash-player-plugin-11.2.202.273-1.1.mga2.nonfree.i586) scriptlet failed, exit status 1
error: flash-player-plugin-11.2.202.273-1.1.mga2.nonfree.i586: install failed
      1/2: flash-player-plugin-kde
                                 ###############################################
head: cannot open `/var/lib/flash-player-plugin/flash-plugin-11.2.202.270-release.i386.rpm' for reading: No such file or directory
tar (child): /var/lib/flash-player-plugin/flash-plugin-11.2.202.270-release.i386.rpm: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now
Warning: usr/lib/kde4/kcm_adobe_flash_player.so not found in the Flash Player archive,
         skipping installation of /usr/lib/kde4/kcm_adobe_flash_player.so.
         Please file a bug report at https://bugs.mageia.org/ .
Warning: usr/share/kde4/services/kcm_adobe_flash_player.desktop not found in the Flash Player archive,
         skipping installation of /usr/share/kde4/services/kcm_adobe_flash_player.desktop.
         Please file a bug report at https://bugs.mageia.org/ .
error: flash-player-plugin-11.2.202.270-1.mga2.nonfree.i586: erase skipped
Comment 6 Oden Eriksson 2013-02-27 16:39:25 CET
I'd vote to skip the md5sum check there.
Comment 7 Oden Eriksson 2013-02-27 16:47:43 CET
When I downloaded the files, the md5sum file for flash-plugin-11.2.202.273-release.i386.rpm was 3a983d14af0f9fef3ee5a35cc909a0f3. I just re-downloaded the same file and now it's 164a331d00a09fc951aae96e64e4b969.

I really don't see the point of this md5sum check?
Comment 8 claire robinson 2013-02-27 17:05:37 CET
It looks like it's trying to open the wrong file after downloading the correct one. It downloads -273 then tries to open -270 and fails with file not found.
Comment 9 Oden Eriksson 2013-02-27 17:58:31 CET
[root@localhost /]# urpmi flash-player-plugin --excludemedia "Nonfree Updates Testing"


    http://n0.nux.se/mageia/2/x86_64/media/nonfree/updates/flash-player-plugin-11.2.202.270-1.mga2.nonfree.x86_64.rpm
installerar flash-player-plugin-11.2.202.270-1.mga2.nonfree.x86_64.rpm från /var/cache/urpmi/rpms
Förbereder...                    ################################################################################################################################################################################
Note that by downloading the Adobe Flash Player you indicate your acceptance of
the EULA, available at http://www.adobe.com/products/eulas/players/flash/
Downloading from http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.270/flash-plugin-11.2.202.270-release.x86_64.rpm:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 7047k  100 7047k    0     0  5734k      0  0:00:01  0:00:01 --:--:-- 5902k
      1/1: flash-player-plugin   ################################################################################################################################################################################
Adobe Flash Player installation successful.
[root@localhost /]# urpmi flash-player-plugin


    http://n0.nux.se/mageia/2/x86_64/media/nonfree/updates_testing/flash-player-plugin-11.2.202.273-1.1.mga2.nonfree.x86_64.rpm
installerar flash-player-plugin-11.2.202.273-1.1.mga2.nonfree.x86_64.rpm från /var/cache/urpmi/rpms
Förbereder...                    ################################################################################################################################################################################
Note that by downloading the Adobe Flash Player you indicate your acceptance of
the EULA, available at http://www.adobe.com/products/eulas/players/flash/
Downloading from http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.273/flash-plugin-11.2.202.273-release.x86_64.rpm:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 7047k  100 7047k    0     0  4134k      0  0:00:01  0:00:01 --:--:-- 4217k
      1/1: flash-player-plugin   ################################################################################################################################################################################
Adobe Flash Player installation successful.
Comment 10 claire robinson 2013-02-27 18:51:52 CET
Confirmed that Oden

x86_64 is OK but i586 fails
Comment 11 Anssi Hannula 2013-02-27 18:56:56 CET
There are two urls:
http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.273/flash-plugin-11.2.202.273-release.i386.rpm
http://linuxdownload.adobe.com/linux/i386/flash-plugin-11.2.202.273-release.i386.rpm
One of those has the other md5sum, and one has the other (as noted in the .spec file).
@Oden, is there a possibility you mistakenly checked the md5sum from the latter URL first?

Anyway, fixed packages (and now with both urls and md5sums enabled) submitted with version 11.2.202.273-1.2.mga2.nonfree.
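
Comment 11 describes the fixed package as carrying both URLs and both md5sums rather than dropping the check. As an added example, not the flash-player-plugin scriptlet or any code from this thread: a shell function that keeps a download only when its digest matches the one pinned for the source it came from, and removes it otherwise. `fetch_verified`, `fetch`, `digest_of` and `demo` are hypothetical names, the sources are local files standing in for the two URLs, and it uses sha256sum rather than the md5sum the package used.

```shell
#!/bin/sh
# Added example (hypothetical names throughout): fetch a file from one of
# several sources, each with its own pinned digest, and fail closed.

# Stand-in for the real downloader so the example runs offline; a package
# scriptlet would call curl or wget here. Sources are local paths.
fetch() { cp "$1" "$2" 2>/dev/null; }

digest_of() { sha256sum "$1" | cut -d' ' -f1; }

# fetch_verified DEST SRC=DIGEST [SRC=DIGEST ...]
# Tries each source in order. A download is kept only if its digest equals
# the digest pinned for that same source; anything else is deleted.
# Returns 0 on success, 1 if no source produced a matching file.
fetch_verified() {
    dest=$1; shift
    tmp="$dest.part"
    for pair in "$@"; do
        src=${pair%=*}      # text before the last '='
        want=${pair##*=}    # text after the last '='
        rm -f "$tmp"
        fetch "$src" "$tmp" || continue
        if [ "$(digest_of "$tmp")" = "$want" ]; then
            mv "$tmp" "$dest"
            return 0
        fi
        echo "digest mismatch for $src" >&2
    done
    rm -f "$tmp" "$dest"
    return 1
}

# Constructed demo: two "mirrors" serving different builds of one release.
demo() {
    d=$(mktemp -d)
    printf 'build-A' > "$d/mirror1.rpm"
    printf 'build-B' > "$d/mirror2.rpm"
    a=$(digest_of "$d/mirror1.rpm"); b=$(digest_of "$d/mirror2.rpm")
    # Digests pinned per source: the first source verifies and is kept.
    fetch_verified "$d/out.rpm" "$d/mirror1.rpm=$a" "$d/mirror2.rpm=$b" || return 1
    # Digests swapped between sources: nothing verifies, nothing is left behind.
    fetch_verified "$d/bad.rpm" "$d/mirror1.rpm=$b" "$d/mirror2.rpm=$a" && return 1
    [ ! -e "$d/bad.rpm" ] && [ ! -e "$d/bad.rpm.part" ]
    rc=$?; rm -rf "$d"; return $rc
}
```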
Comment 12 Bill Wilkinson 2013-02-27 20:01:43 CET
Tested x86_64; verified build (-1.2mga2) through whatismyflash.com.

Tested YouTube videos and a game; all looks good.
Comment 13 Dave Hodgins 2013-02-27 20:49:04 CET
Testing complete on Mageia 2 i586.

Could someone from the sysadmin team push the srpm
flash-player-plugin-11.2.202.273-1.2.mga2.nonfree.src.rpm
from Mageia 2 Nonfree Updates Testing to Nonfree Updates.

Advisory: Flash player update corrects the following security problems.
CVE-2013-0504 - Buffer overflow in the broker service
CVE-2013-0643 - Sandbox privilege restrictions
CVE-2013-0648 - Vulnerability in the ExternalInterface ActionScript

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0648
http://www.adobe.com/support/security/bulletins/apsb13-08.html
http://www.adobe.com/support/security/bulletins/apsb13-08.html
http://www.adobe.com/support/security/bulletins/apsb13-08.html

https://bugs.mageia.org/show_bug.cgi?id=9194
Comment 14 Thomas Backlund 2013-02-27 22:18:53 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0075
