{ "schema_version": "1.7.0", "id": "MGASA-2014-0521", "published": "2014-12-09T20:12:41Z", "modified": "2014-12-09T20:04:34Z", "summary": "Updated flash-player-plugin packages fix multiple security vulnerabilities", "details": "Adobe Flash Player 11.2.202.425 contains fixes to critical security \nvulnerabilities found in earlier versions that could potentially allow an \nattacker to take control of the affected system.\n\nThis update resolves memory corruption vulnerabilities that could lead to \ncode execution (CVE-2014-0587, CVE-2014-9164).\n\nThis update resolves a use-after-free vulnerability that could lead to code \nexecution (CVE-2014-8443).\n\nThis update resolves a stack-based buffer overflow vulnerability that could \nlead to code execution (CVE-2014-9163).\n\nThis update resolves an information disclosure vulnerability \n(CVE-2014-9162).\n\nThis update resolves a vulnerability that could be exploited to circumvent \nthe same-origin policy (CVE-2014-0580). \n", "upstream": [ "CVE-2014-0580", "CVE-2014-0587", "CVE-2014-8443", "CVE-2014-9162", "CVE-2014-9163", "CVE-2014-9164" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2014-0521.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=14763" }, { "type": "WEB", "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-27.html" } ], "affected": [ { "package": { "ecosystem": "Mageia:4", "name": "flash-player-plugin", "purl": "pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "11.2.202.425-1.mga4.nonfree" } ] } ], "ecosystem_specific": { "section": "nonfree" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }