Advisories » MGASA-2015-0275

Updated flash-player-plugin package fixes security vulnerabilities

Publication date: 16 Jul 2015
Modification date: 16 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-5122 , CVE-2015-5123

Description

Adobe Flash Player 11.2.202.491 contains fixes to critical security
vulnerabilities found in earlier versions that could potentially allow
an attacker to take control of the affected system.

Adobe is aware of reports that exploits targeting these vulnerabilities
have been published publicly.

This update resolves a use-after-free vulnerability that could lead to
code execution (CVE-2015-5122).

This update resolves a memory corruption vulnerability that could lead
to code execution (CVE-2015-5123).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16392
• https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5123

SRPMS

4/nonfree

• flash-player-plugin-11.2.202.491-1.mga4.nonfree

5/nonfree

• flash-player-plugin-11.2.202.491-1.mga5.nonfree