Updated flash-player-plugin packages fix security vulnerabilities
Publication date: 08 Apr 2016Modification date: 08 Apr 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1006 , CVE-2016-1011 , CVE-2016-1012 , CVE-2016-1013 , CVE-2016-1014 , CVE-2016-1015 , CVE-2016-1016 , CVE-2016-1017 , CVE-2016-1018 , CVE-2016-1019 , CVE-2016-1020 , CVE-2016-1021 , CVE-2016-1022 , CVE-2016-1023 , CVE-2016-1024 , CVE-2016-1025 , CVE-2016-1026 , CVE-2016-1027 , CVE-2016-1028 , CVE-2016-1029 , CVE-2016-1030 , CVE-2016-1031 , CVE-2016-1032 , CVE-2016-1033
Description
Adobe Flash Player 11.2.202.616 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update hardens a mitigation against JIT spraying attacks that could be used to bypass memory layout randomization mitigations (CVE-2016-1006). This update resolves type confusion vulnerabilities that could lead to code execution (CVE-2016-1015, CVE-2016-1019). This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, CVE-2016-1031). This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033). This update resolves a stack overflow vulnerability that could lead to code execution (CVE-2016-1018). This update resolves a security bypass vulnerability (CVE-2016-1030). This update resolves a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-1014). Adobe reports that CVE-2016-1019 is already being actively exploited on Windows systems.
References
- https://bugs.mageia.org/show_bug.cgi?id=18158
- https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1006
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1012
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1013
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1014
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1015
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1016
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1017
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1018
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1019
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1020
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1021
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1022
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1023
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1024
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1025
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1026
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1027
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1028
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1029
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1030
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1031
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1032
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1033
SRPMS
5/nonfree
- flash-player-plugin-11.2.202.616-1.mga5.nonfree