Bug 9350 - Security update request for flash-player-plugin, to 11.2.202.275
Summary: Security update request for flash-player-plugin, to 11.2.202.275
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 2
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA2-64-OK MGA2-32-OK
Keywords: Security, validated_update
Depends on:
Blocks:
 
Reported: 2013-03-12 17:43 CET by Anssi Hannula
Modified: 2013-03-19 22:31 CET (History)
3 users (show)

See Also:
Source RPM: flash-player-plugin
CVE:
Status comment:


Attachments

Description Anssi Hannula 2013-03-12 17:43:01 CET
Flash Player 11.2.202.275 has been pushed to mga2 nonfree/updates_testing.

Advisory:
============
Adobe Flash Player 11.2.202.275 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2013-0646).

This update resolves a use-after-free vulnerability that could be exploited to execute arbitrary code (CVE-2013-0650).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-1371).

This update resolves a heap buffer overflow vulnerability that could lead to code execution (CVE-2013-1375).

References:
http://www.adobe.com/support/security/bulletins/apsb13-09.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1375
============

Updated Flash Player 11.2.202.275 packages are in mga2 nonfree/updates_testing
as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586 and
x86_64).
Comment 1 Dave Hodgins 2013-03-12 21:04:37 CET
Testing complete on Mageia 2 i586 and x86_64.

Could someone from the sysadmin team push the srpm
flash-player-plugin-11.2.202.275-1.mga2.nonfree.src.rpm
from Mageia 2 Nonfree Updates Testing to Nonfree Updates.

See the Description for the advisory.

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK

Comment 2 Dave Hodgins 2013-03-15 22:37:19 CET
Ping sysadmin team. Please see comment 1 for push request.
Comment 3 D Morgan 2013-03-17 00:17:42 CET
Update pushed: 
       https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0098

Status: NEW => RESOLVED
CC: (none) => dmorganec
Resolution: (none) => FIXED

Michał Wernicki 2013-03-19 22:31:40 CET

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=9459


Note You need to log in before you can comment on or make changes to this bug.