Bug 9677 - Security update request for flash-player-plugin, to
: Security update request for flash-player-plugin, to
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
: Sec team
: mga2-64-ok mga2-32-ok
: Security, validated_update
  Show dependency treegraph
Reported: 2013-04-09 18:08 CEST by Anssi Hannula
Modified: 2013-04-10 00:13 CEST (History)
3 users (show)

See Also:
Source RPM: flash-player-plugin
Status comment:


Description Anssi Hannula 2013-04-09 18:08:58 CEST
Flash Player has been pushed to mga2 nonfree/updates_testing.

Updated Flash Player packages are in mga2 nonfree/updates_testing
as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586 and

No advisory just yet, nothing has been published by Adobe. I'll give them 24 hours after which we will push this as a non-security update. I'll write an advisory at that time at the latest.

I think this update can be tested regardless.
Comment 1 Anssi Hannula 2013-04-09 19:55:36 CEST
And we got advisory.

Adobe Flash Player contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2013-2555). 

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-1378, CVE-2013-1380). 

These updates resolve a memory corruption vulnerability caused by Flash Player improperly initializing certain pointer arrays, which could lead to code execution (CVE-2013-1379).

Comment 2 David GEIGER 2013-04-09 20:17:42 CEST
Testing complete for the new flash-player-plugin- and flash-player-plugin-kde on Mageia release 2 (Official) for x86_64, for it's good nothind to report, it works fine.

test some video: youtube, dailymotion, pluzz, tf1replay, m6replay...
Comment 3 claire robinson 2013-04-09 22:13:50 CEST
testing mga2 32
Comment 4 claire robinson 2013-04-09 22:21:30 CEST
Thanks Anssi & David

Testing complete mga2 32

Checked flash videos and deleted storage in kde flash settings


Advisory & srpm in comment 1

Could sysadmin please push from nonfree/updates_testing to nonfree/updates

Comment 5 Thomas Backlund 2013-04-10 00:13:04 CEST
Update pushed:

Note You need to log in before you can comment on or make changes to this bug.