{
  "schema_version": "1.7.0",
  "id": "MGASA-2015-0054",
  "published": "2015-02-06T16:51:41Z",
  "modified": "2015-02-06T16:50:14Z",
  "summary": "Updated flash-player-plugin packages fix security vulnerabilities",
  "details": "Adobe Flash Player 11.2.202.442 contains fixes to critical security \nvulnerabilities found in earlier versions that could cause a crash and \npotentially allow an attacker to take control of the affected system.\n\nThis update resolves use-after-free vulnerabilities that could lead to \ncode execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, \nCVE-2015-0322). \n\nThis update resolves memory corruption vulnerabilities that could lead to \ncode execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, \nCVE-2015-0329, CVE-2015-0330). \n\nThis update resolves type confusion vulnerabilities that could lead to \ncode execution (CVE-2015-0317, CVE-2015-0319). \n\nThis update resolves heap buffer overflow vulnerabilities that could lead \nto code execution (CVE-2015-0323, CVE-2015-0327). \n\nThis update resolves a buffer overflow vulnerability that could lead to \ncode execution (CVE-2015-0324). \n\nThis update resolves null pointer dereference issues (CVE-2015-0325, \nCVE-2015-0326, CVE-2015-0328).\n\nAdobe reports that CVE-2015-0313 is already being actively exploited in the \nwild via drive-by-download attacks against systems running Internet \nExplorer and Firefox on Windows, but it also reports that this specific \nvulnerability is not exploitable on any Flash Player version 11.x or older, \nwhich is what is provided on Mageia 4.\n",
  "upstream": [
    "CVE-2015-0313",
    "CVE-2015-0314",
    "CVE-2015-0315",
    "CVE-2015-0316",
    "CVE-2015-0317",
    "CVE-2015-0318",
    "CVE-2015-0319",
    "CVE-2015-0320",
    "CVE-2015-0321",
    "CVE-2015-0322",
    "CVE-2015-0323",
    "CVE-2015-0324",
    "CVE-2015-0325",
    "CVE-2015-0326",
    "CVE-2015-0327",
    "CVE-2015-0328",
    "CVE-2015-0329"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2015-0054.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=15207"
    },
    {
      "type": "WEB",
      "url": "http://helpx.adobe.com/security/products/flash-player/apsb15-04.html"
    },
    {
      "type": "WEB",
      "url": "http://helpx.adobe.com/security/products/flash-player/apsa15-02.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "flash-player-plugin",
        "purl": "pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.2.202.442-1.mga4.nonfree"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "nonfree"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}