Advisories ยป MGASA-2014-0091

Updated flash-player-plugin package fixes security vulnerabilities

Publication date: 21 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0498 , CVE-2014-0499 , CVE-2014-0502

Description

Adobe Flash Player 11.2.202.341 contains fixes to critical security
vulnerabilities found in earlier versions that could cause a crash and
potentially allow an attacker to remotely take control of the affected system.

This update resolves a stack overflow vulnerability that could result
in arbitrary code execution (CVE-2014-0498).

This update resolves a memory leak vulnerability that could be used to defeat
memory address layout randomization (CVE-2014-0499).

This update resolves a double free vulnerability that could result
in arbitrary code execution (CVE-2014-0502).

Adobe is aware of reports that CVE-2014-0502 is being exploited in the wild.
                

References

SRPMS

4/nonfree

3/nonfree