Advisories » MGASA-2014-0291

Updated flash-player-plugin packages fix multiple vulnerabilities

Publication date: 09 Jul 2014
Modification date: 17 Jan 2022
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4671 , CVE-2014-0537 , CVE-2014-0539

Description

Adobe Flash Player 11.2.202.394 contains fixes to critical security 
vulnerabilities found in earlier versions that could potentially allow an 
attacker to take control of the affected system.

This update includes additional validation checks to ensure that Flash Player
rejects malicious content from vulnerable JSONP callback APIs (CVE-2014-4671).

This update resolves security bypass vulnerabilities 
(CVE-2014-0537, CVE-2014-0539).
                

References

• http://helpx.adobe.com/security/products/flash-player/apsb14-17.html
• https://bugs.mageia.org/show_bug.cgi?id=13706
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4671
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0537
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0539

SRPMS

4/nonfree

• flash-player-plugin-11.2.202.394-1.mga4.nonfree

3/nonfree

• flash-player-plugin-11.2.202.394-1.mga3.nonfree