Advisories » MGASA-2014-0091

Updated flash-player-plugin package fixes security vulnerabilities

Publication date: 21 Feb 2014
Modification date: 21 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0498 , CVE-2014-0499 , CVE-2014-0502

Description

Adobe Flash Player 11.2.202.341 contains fixes to critical security
vulnerabilities found in earlier versions that could cause a crash and
potentially allow an attacker to remotely take control of the affected system.

This update resolves a stack overflow vulnerability that could result
in arbitrary code execution (CVE-2014-0498).

This update resolves a memory leak vulnerability that could be used to defeat
memory address layout randomization (CVE-2014-0499).

This update resolves a double free vulnerability that could result
in arbitrary code execution (CVE-2014-0502).

Adobe is aware of reports that CVE-2014-0502 is being exploited in the wild.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12836
• http://helpx.adobe.com/security/products/flash-player/apsb14-07.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0498
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0499
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0502

SRPMS

4/nonfree

• flash-player-plugin-11.2.202.341-1.mga4.nonfree

3/nonfree

• flash-player-plugin-11.2.202.341-1.mga3.nonfree