Updated flash-player-plugin packages fix security vulnerability
Publication date: 12 Mar 2017Modification date: 12 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-2982 , CVE-2017-2984 , CVE-2017-2985 , CVE-2017-2986 , CVE-2017-2987 , CVE-2017-2988 , CVE-2017-2990 , CVE-2017-2991 , CVE-2017-2992 , CVE-2017-2993 , CVE-2017-2994 , CVE-2017-2995 , CVE-2017-2996
Description
flash-player-plugin update fixes the following issues:
* A type confusion vulnerability that could lead to code execution
(CVE-2017-2995).
* An integer overflow vulnerability that could lead to code execution
(CVE-2017-2987).
* Use-after-free vulnerabilities that could lead to code execution
(CVE-2017-2982, CVE-2017-2985, CVE-2017-2993, CVE-2017-2994).
* Heap buffer overflow vulnerabilities that could lead to code execution
(CVE-2017- 2984, CVE-2017-2986, CVE-2017-2992).
* Memory corruption vulnerabilities that could lead to code execution
(CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2996).
References
- https://bugs.mageia.org/show_bug.cgi?id=20293
- https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2982
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2984
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2986
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2987
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2988
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2990
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2991
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2992
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2993
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2994
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2995
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2996
SRPMS
5/nonfree
- flash-player-plugin-24.0.0.221-1.mga5.nonfree