Advisories » MGASA-2014-0128

Updated flash-player-plugin packages fix security vulnerabilities

Publication date: 12 Mar 2014
Modification date: 12 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0503 , CVE-2014-0504

Description

Adobe Flash Player 11.2.202.346 contains fixes to important vulnerabilities
found in earlier versions that could allow a remote attacker to bypass security
restrictions or to access sensitive information.

This update resolves a vulnerability that could be used to bypass the same 
origin policy (CVE-2014-0503).

This update resolves a vulnerability that could be used to read the contents
of the clipboard (CVE-2014-0504).
                

References

• http://helpx.adobe.com/security/products/flash-player/apsb14-08.html
• https://bugs.mageia.org/show_bug.cgi?id=12997
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0503
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0504

SRPMS

4/nonfree

• flash-player-plugin-11.2.202.346-1.mga4.nonfree

3/nonfree

• flash-player-plugin-11.2.202.346-1.mga3.nonfree