Updated flash-player-plugin package fixes multiple vulnerabilities
Publication date: 09 Apr 2014Modification date: 17 Jan 2022
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0506 , CVE-2014-0507 , CVE-2014-0508 , CVE-2014-0509
Description
Adobe Flash Player 11.2.202.350 contains fixes to critical security
vulnerabilities found in earlier versions that could cause a crash and
potentially allow an attacker to remotely take control of the affected
system.
This update resolves a use-after-free vulnerability that could result in
arbitrary code execution (CVE-2014-0506).
This update resolves a buffer overflow vulnerability that could result in
arbitrary code execution (CVE-2014-0507).
This update resolves a security bypass vulnerability that could lead to
information disclosure (CVE-2014-0508).
This update resolves a cross-site-scripting vulnerability (CVE-2014-0509).
References
- http://helpx.adobe.com/security/products/flash-player/apsb14-09.html
- https://bugs.mageia.org/show_bug.cgi?id=13175
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0506
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0507
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0508
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0509
SRPMS
4/nonfree
- flash-player-plugin-11.2.202.350-1.mga4.nonfree
3/nonfree
- flash-player-plugin-11.2.202.350-1.mga3.nonfree