Advisories » MGASA-2014-0029

Updated flash-player-plugin fixes security vulnerabilities

Publication date: 24 Jan 2014
Modification date: 17 Jan 2022
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-0491 , CVE-2014-0492

Description

Adobe Flash Player 11.2.202.335 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could cause a
crash and potentially allow an attacker to take control of the affected system.

This update resolves a vulnerability that could be used to bypass Flash Player
security protections (CVE-2014-0491).

This update resolves an address leak vulnerability that could be used to defeat
memory address layout randomization (CVE-2014-0492).
                

References

• http://helpx.adobe.com/security/products/flash-player/apsb14-02.html
• https://bugs.mageia.org/show_bug.cgi?id=12395
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0491
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0492

SRPMS

3/nonfree

• flash-player-plugin-11.2.202.335-1.mga3.nonfree