{
  "schema_version": "1.7.0",
  "id": "MGASA-2014-0448",
  "published": "2014-11-14T01:27:45Z",
  "modified": "2014-11-14T01:22:36Z",
  "summary": "Updated flash-player-plugin packages fix multiple security vulnerabilities",
  "details": "Adobe Flash Player 11.2.202.418 contains fixes to critical security \nvulnerabilities found in earlier versions that could potentially allow an \nattacker to take control of the affected system.\n\nThis update resolves memory corruption vulnerabilities that could lead to \ncode execution (CVE-2014-0558, CVE-2014-0564, CVE-2014-0576, CVE-2014-0581, \nCVE-2014-8440, CVE-2014-8441).\n\nThis update resolves an integer overflow vulnerability that could lead to \ncode execution (CVE-2014-0569).\n\nThis update resolves use-after-free vulnerabilities that could lead to code \nexecution (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438).\n\nThis update resolves a double free vulnerability that could lead to code \nexecution (CVE-2014-0574).\n\nThis update resolves type confusion vulnerabilities that could lead to code \nexecution (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, \nCVE-2014-0590).\n\nThis update resolves heap buffer overflow vulnerabilities that could lead \nto code execution (CVE-2014-0582, CVE-2014-0589).\n\nThis update resolves an information disclosure vulnerability that could be \nexploited to disclose session tokens (CVE-2014-8437).\n\nThis update resolves a heap buffer overflow vulnerability that could be \nexploited to perform privilege escalation from low to medium integrity \nlevel (CVE-2014-0583). \n\nThis update resolves a permission issue that could be exploited to perform \nprivilege escalation from low to medium integrity level (CVE-2014-8442).\n",
  "upstream": [
    "CVE-2014-0558",
    "CVE-2014-0564",
    "CVE-2014-0569",
    "CVE-2014-0573",
    "CVE-2014-0574",
    "CVE-2014-0576",
    "CVE-2014-0577",
    "CVE-2014-0581",
    "CVE-2014-0582",
    "CVE-2014-0583",
    "CVE-2014-0584",
    "CVE-2014-0585",
    "CVE-2014-0586",
    "CVE-2014-0588",
    "CVE-2014-0589",
    "CVE-2014-0590",
    "CVE-2014-8437",
    "CVE-2014-8438",
    "CVE-2014-8440",
    "CVE-2014-8441",
    "CVE-2014-8442"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2014-0448.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=14506"
    },
    {
      "type": "WEB",
      "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-22.html"
    },
    {
      "type": "WEB",
      "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:3",
        "name": "flash-player-plugin",
        "purl": "pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-3"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.2.202.418-1.mga3.nonfree"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "nonfree"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "flash-player-plugin",
        "purl": "pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.2.202.418-1.mga4.nonfree"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "nonfree"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}