{
  "schema_version": "1.7.0",
  "id": "MGASA-2015-0273",
  "published": "2015-07-09T08:09:20Z",
  "modified": "2015-07-09T07:58:20Z",
  "summary": "Updated flash-player-plugin package fixes critical security vulnerabilities",
  "details": "Adobe Flash Player 11.2.202.481 contains fixes to critical security\nvulnerabilities found in earlier versions that could potentially allow an\nattacker to take control of the affected system.\n\nAdobe is aware of a report that an exploit targeting CVE-2015-5119 has\nbeen publicly published. \n\nThis updates resolves heap buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118).\n\nThis updates resolves memory corruption vulnerabilities that could lead to\ncode execution (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130,\nCVE-2015-3133, CVE-2015-3134, CVE-2015-4431).\n\nThis updates resolves null pointer dereference issues (CVE-2015-3126,\nCVE-2015-4429).\n\nThis updates resolves a security bypass vulnerability that could lead to\ninformation disclosure (CVE-2015-3114).\n\nThis updates resolves type confusion vulnerabilities that could lead to\ncode execution (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121,\nCVE-2015-3122, CVE-2015-4433).\n\nThis updates resolves use-after-free vulnerabilities that could lead to\ncode execution (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117,\nCVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132,\nCVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119).\n\nThis updates resolves vulnerabilities that could be exploited to bypass\nthe same-origin-policy and lead to information disclosure (CVE-2014-0578,\nCVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116).\n",
  "upstream": [
    "CVE-2014-0578",
    "CVE-2015-3114",
    "CVE-2015-3115",
    "CVE-2015-3116",
    "CVE-2015-3117",
    "CVE-2015-3118",
    "CVE-2015-3119",
    "CVE-2015-3120",
    "CVE-2015-3121",
    "CVE-2015-3122",
    "CVE-2015-3123",
    "CVE-2015-3124",
    "CVE-2015-3125",
    "CVE-2015-3126",
    "CVE-2015-3127",
    "CVE-2015-3128",
    "CVE-2015-3129",
    "CVE-2015-3130",
    "CVE-2015-3131",
    "CVE-2015-3132",
    "CVE-2015-3133",
    "CVE-2015-3134",
    "CVE-2015-3135",
    "CVE-2015-3136",
    "CVE-2015-3137",
    "CVE-2015-4428",
    "CVE-2015-4429",
    "CVE-2015-4430",
    "CVE-2015-4431",
    "CVE-2015-4432",
    "CVE-2015-4433",
    "CVE-2015-5116",
    "CVE-2015-5117",
    "CVE-2015-5118",
    "CVE-2015-5119"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2015-0273.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=16325"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "flash-player-plugin",
        "purl": "pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.2.202.481-1.mga4.nonfree"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "nonfree"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "flash-player-plugin",
        "purl": "pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.2.202.481-1.mga5.nonfree"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "nonfree"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}