Updated flash-player-plugin package fixes security vulnerabilitiesPublication date: 21 Feb 2014
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0498 , CVE-2014-0499 , CVE-2014-0502
Adobe Flash Player 184.108.40.2061 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0498). This update resolves a memory leak vulnerability that could be used to defeat memory address layout randomization (CVE-2014-0499). This update resolves a double free vulnerability that could result in arbitrary code execution (CVE-2014-0502). Adobe is aware of reports that CVE-2014-0502 is being exploited in the wild.