{
  "schema_version": "1.7.0",
  "id": "MGASA-2015-0248",
  "published": "2015-06-24T05:58:28Z",
  "modified": "2015-06-24T05:56:49Z",
  "summary": "Updated flash-player-plugin package fixes security vulnerability",
  "details": "Adobe Flash Player 11.2.202.468 contains fixes to critical security\nvulnerabilities found in earlier versions that could cause a crash and\npotentially allow an attacker to take control of the affected system.\n\nAdobe is aware of reports that CVE-2015-3113 is being actively exploited in\nthe wild via limited, targeted attacks. Systems running Internet Explorer\nfor Windows 7 and below, as well as Firefox on Windows XP, are known targets.\n\nThis update resolves a heap buffer overflow vulnerability that could lead to\ncode execution (CVE-2015-3113).\n\nThis update resolves a vulnerability (CVE-2015-3096) that could be exploited\nto bypass the fix for CVE-2014-5333.\n\nThis update resolves vulnerabilities that could be exploited to bypass the\nsame-origin-policy and lead to information disclosure (CVE-2015-3098,\nCVE-2015-3099, CVE-2015-3102).\n\nThis update resolves a stack overflow vulnerability that could lead to code\nexecution (CVE-2015-3100).\n\nThis update resolves a permission issue in the Flash broker for Internet\nExplorer that could be exploited to perform privilege escalation from low to\nmedium integrity level (CVE-2015-3101).    \n\nThis update resolves an integer overflow vulnerability that could lead to\ncode execution (CVE-2015-3104).\n\nThis update resolves a memory corruption vulnerability that could lead to\ncode execution (CVE-2015-3105).\n\nThis update resolves use-after-free vulnerabilities that could lead to\ncode execution (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107).\n\nThis update resolves a memory leak vulnerability that could be used to\nbypass ASLR (CVE-2015-3108).\n",
  "upstream": [
    "CVE-2015-3096",
    "CVE-2015-3098",
    "CVE-2015-3099",
    "CVE-2015-3100",
    "CVE-2015-3101",
    "CVE-2015-3102",
    "CVE-2015-3103",
    "CVE-2015-3104",
    "CVE-2015-3105",
    "CVE-2015-3106",
    "CVE-2015-3107",
    "CVE-2015-3108",
    "CVE-2015-3113"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2015-0248.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=16139"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-14.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "flash-player-plugin",
        "purl": "pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.2.202.468-1.mga4.nonfree"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "nonfree"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "flash-player-plugin",
        "purl": "pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.2.202.468-1.mga5.nonfree"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "nonfree"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}