MGASA-2013-0116
| Date: | April 10th, 2013 |
| Affected releases: | 2 |
| Media: | Nonfree |
Description:
Adobe Flash Player 11.2.202.280 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could
cause a crash and potentially allow an attacker to take control of the
affected system.
These updates resolve an integer overflow vulnerability that could
lead to code execution (CVE-2013-2555).
These updates resolve memory corruption vulnerabilities that could
lead to code execution (CVE-2013-1378, CVE-2013-1380).
These updates resolve a memory corruption vulnerability caused by
Flash Player improperly initializing certain pointer arrays, which
could lead to code execution (CVE-2013-1379).
Updated Packages:
i586:
flash-player-plugin-11.2.202.280-1.mga2.nonfree.i586.rpm
flash-player-plugin-kde-11.2.202.280-1.mga2.nonfree.i586.rpm
x86_64:
flash-player-plugin-11.2.202.280-1.mga2.nonfree.x86_64.rpm
flash-player-plugin-kde-11.2.202.280-1.mga2.nonfree.x86_64.rpm
SRPMS:
flash-player-plugin-11.2.202.280-1.mga2.nonfree.src.rpm
References:
http://www.adobe.com/support/security/bulletins/apsb13-11.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2555
https://bugs.mageia.org/show_bug.cgi?id=9677
