From Mageia wiki
Jump to: navigation, search

MGASA-2012-0114

Date: June 10th, 2012
Affected releases: 1, 2


Description:
Adobe Flash Player 11.2.202.236 contains fixes to critical security
vulnerabilites found in earlier versions. These vulnerabilities could
cause a crash and potentially allow an attacker to take control of the
affected system.

This update resolves various memory corruption (CVE-2012-2034,
CVE-2012-2037),stack overflow (CVE-2012-2035), integer overflow
(CVE-2012-2036), and null dereference vulnerabilities (CVE-2012-2039)
that could lead to code execution.

This update resolves a security bypass vulnerability that could lead to
information disclosure (CVE-2012-2038).

Additionally, a packaging issue is fixed which prevented XCB version of
libcairo from being used (Mageia bug #5824).


Updated Packages:
Mageia 1:
flash-player-plugin-11.2.202.236-1.mga1
flash-player-plugin-kde-11.2.202.236-1.mga1
Mageia 2:
flash-player-plugin-11.2.202.236-1.mga2
flash-player-plugin-kde-11.2.202.236-1.mga2


References:
http://www.adobe.com/support/security/bulletins/apsb12-14.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2039
https://bugs.mageia.org/show_bug.cgi?id=5824
https://bugs.mageia.org/show_bug.cgi?id=6385 (mga1)
https://bugs.mageia.org/show_bug.cgi?id=6384 (mga2)