Advisories » MGASA-2014-0035

Updated flash-player-plugin packages fix CVE-2014-0497

Publication date: 05 Feb 2014
Modification date: 05 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0497

Description

Adobe Flash Player 11.2.202.336 contains a fix to a critical security
vulnerability found in earlier versions that could cause a crash and
potentially allow an attacker to remotely take control of the affected
system.

This update resolves an integer underflow vulnerability that could be
exploited to execute arbitrary code on the affected system (CVE-2014-0497).

Adobe is aware of reports that an exploit for this vulnerability exists
in the wild.
                

References

• http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
• https://bugs.mageia.org/show_bug.cgi?id=12581
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0497

SRPMS

4/nonfree

• flash-player-plugin-11.2.202.336-1.mga4.nonfree

3/nonfree

• flash-player-plugin-11.2.202.336-1.mga3.nonfree