{
  "schema_version": "1.7.0",
  "id": "MGASA-2014-0382",
  "published": "2014-09-22T08:31:24Z",
  "modified": "2014-09-22T08:17:43Z",
  "summary": "Updated flash-player-plugin packages fix multiple security vulnerabilities",
  "details": "Adobe Flash Player 11.2.202.406 contains fixes to critical security \nvulnerabilities found in earlier versions that could potentially allow an \nattacker to take control of the affected system.\n\nThis update resolves memory leakage vulnerabilities that could be used to \nbypass memory address randomization (CVE-2014-0557).\n\nThis update resolves a security bypass vulnerability (CVE-2014-0554).\n\nThis update resolves a use-after-free vulnerability that could lead to code \nexecution (CVE-2014-0553).\n\nThis update resolves memory corruption vulnerabilities that could lead to \ncode execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, \nCVE-2014-0552, CVE-2014-0555).\n\nThis update resolves a vulnerability that could be used to bypass the same \norigin policy (CVE-2014-0548).\n\nThis update resolves a heap buffer overflow vulnerability that could lead \nto code execution (CVE-2014-0556, CVE-2014-0559).\n",
  "upstream": [
    "CVE-2014-0547",
    "CVE-2014-0548",
    "CVE-2014-0549",
    "CVE-2014-0550",
    "CVE-2014-0551",
    "CVE-2014-0552",
    "CVE-2014-0553",
    "CVE-2014-0554",
    "CVE-2014-0555",
    "CVE-2014-0556",
    "CVE-2014-0557",
    "CVE-2014-0559"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2014-0382.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=14096"
    },
    {
      "type": "WEB",
      "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:3",
        "name": "flash-player-plugin",
        "purl": "pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-3"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.2.202.406-1.mga3.nonfree"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "nonfree"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "flash-player-plugin",
        "purl": "pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.2.202.406-1.mga4.nonfree"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "nonfree"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}