{
  "schema_version": "1.7.0",
  "id": "MGASA-2016-0228",
  "published": "2016-06-17T05:58:14Z",
  "modified": "2016-06-17T05:52:50Z",
  "summary": "Updated flash-player-plugin packages fix security vulnerabilities",
  "details": "Adobe Flash Player 11.2.202.626 contains fixes to critical security\nvulnerabilities found in earlier versions that could potentially\nallow an attacker to take control of the affected system.\n\nThis update resolves type confusion vulnerabilities that could lead to\ncode execution (CVE-2016-4144, CVE-2016-4149).\n\nThis update resolves use-after-free vulnerabilities that could lead to\ncode execution (CVE-2016-4142, CVE-2016-4143, CVE-2016-4145,\nCVE-2016-4146, CVE-2016-4147, CVE-2016-4148).\n\nThis update resolves heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2016-4135, CVE-2016-4136, CVE-2016-4138).\n\nThis update resolves memory corruption vulnerabilities that could lead\nto code execution (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124,\nCVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130,\nCVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137,\nCVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153,\nCVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171).\n\nThis update resolves a vulnerability in the directory search path used to\nfind resources that could lead to code execution (CVE-2016-4140).\n\nThis update resolves a vulnerability that could be exploited to bypass the\nsame-origin-policy and lead to information disclosure (CVE-2016-4139). \n\nAdobe reports that an exploit for CVE-2016-4171 exists in the wild.\n",
  "upstream": [
    "CVE-2016-4122",
    "CVE-2016-4123",
    "CVE-2016-4124",
    "CVE-2016-4125",
    "CVE-2016-4127",
    "CVE-2016-4128",
    "CVE-2016-4129",
    "CVE-2016-4130",
    "CVE-2016-4131",
    "CVE-2016-4132",
    "CVE-2016-4133",
    "CVE-2016-4134",
    "CVE-2016-4135",
    "CVE-2016-4136",
    "CVE-2016-4137",
    "CVE-2016-4138",
    "CVE-2016-4139",
    "CVE-2016-4140",
    "CVE-2016-4141",
    "CVE-2016-4142",
    "CVE-2016-4143",
    "CVE-2016-4144",
    "CVE-2016-4145",
    "CVE-2016-4146",
    "CVE-2016-4147",
    "CVE-2016-4148",
    "CVE-2016-4149",
    "CVE-2016-4150",
    "CVE-2016-4151",
    "CVE-2016-4152",
    "CVE-2016-4153",
    "CVE-2016-4154",
    "CVE-2016-4155",
    "CVE-2016-4156",
    "CVE-2016-4166",
    "CVE-2016-4171"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2016-0228.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=18720"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "flash-player-plugin",
        "purl": "pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.2.202.626-1.1.mga5.nonfree"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "nonfree"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}