Advisories ยป MGASA-2015-0054

Updated flash-player-plugin packages fix security vulnerabilities

Publication date: 06 Feb 2015
Modification date: 06 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0313 , CVE-2015-0314 , CVE-2015-0315 , CVE-2015-0316 , CVE-2015-0317 , CVE-2015-0318 , CVE-2015-0319 , CVE-2015-0320 , CVE-2015-0321 , CVE-2015-0322 , CVE-2015-0323 , CVE-2015-0324 , CVE-2015-0325 , CVE-2015-0326 , CVE-2015-0327 , CVE-2015-0328 , CVE-2015-0329

Description

Adobe Flash Player 11.2.202.442 contains fixes to critical security 
vulnerabilities found in earlier versions that could cause a crash and 
potentially allow an attacker to take control of the affected system.

This update resolves use-after-free vulnerabilities that could lead to 
code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, 
CVE-2015-0322). 

This update resolves memory corruption vulnerabilities that could lead to 
code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, 
CVE-2015-0329, CVE-2015-0330). 

This update resolves type confusion vulnerabilities that could lead to 
code execution (CVE-2015-0317, CVE-2015-0319). 

This update resolves heap buffer overflow vulnerabilities that could lead 
to code execution (CVE-2015-0323, CVE-2015-0327). 

This update resolves a buffer overflow vulnerability that could lead to 
code execution (CVE-2015-0324). 

This update resolves null pointer dereference issues (CVE-2015-0325, 
CVE-2015-0326, CVE-2015-0328).

Adobe reports that CVE-2015-0313 is already being actively exploited in the 
wild via drive-by-download attacks against systems running Internet 
Explorer and Firefox on Windows, but it also reports that this specific 
vulnerability is not exploitable on any Flash Player version 11.x or older, 
which is what is provided on Mageia 4.
                

References

SRPMS

4/nonfree