From Mageia wiki
Jump to: navigation, search

MGASA-2013-0098

Date: March 16rd, 2013
Affected releases: 2
Media: Nonfree


Description:
Adobe Flash Player 11.2.202.275 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2013-0646).

This update resolves a use-after-free vulnerability that could be exploited to execute arbitrary code (CVE-2013-0650).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-1371).

This update resolves a heap buffer overflow vulnerability that could lead to code execution (CVE-2013-1375).

Updated Packages:
i586:
flash-player-plugin-11.2.202.275-1.mga2.nonfree.i586.rpm
flash-player-plugin-kde-11.2.202.275-1.mga2.nonfree.i586.rpm

x86_64:
flash-player-plugin-11.2.202.275-1.mga2.nonfree.x86_64.rpm
flash-player-plugin-kde-11.2.202.275-1.mga2.nonfree.x86_64.rpm

SRPMS:
flash-player-plugin-11.2.202.275-1.mga2.nonfree.src.rpm


References:
http://www.adobe.com/support/security/bulletins/apsb13-09.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1375
https://bugs.mageia.org/show_bug.cgi?id=9350