LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mageia alert MGASA-2013-0051 (flash-player-plugin)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2013-0051:
 flash-player-plugin-11.2.202.270-1.mga2.nonfree (2/nonfree) 


Date:
    	      Wed, 13 Feb 2013 01:02:13 +0100


Message-ID:
    	      <20130213000213.GA2716@valstar.mageia.org>


Archive-link:
    	      Article, Thread
              


MGASA-2013-0051
Date: 	February 13th, 2013
Affected releases: 	2
Media: 	Nonfree


Description:
Adobe Flash Player 11.2.202.270 contains fixes to critical security
vulnerabilities found in earlier versions. These vulnerabilities could
cause a crash and potentially allow an attacker to take control of the
affected system.

This update resolves buffer overflow vulnerabilities that could lead to
code execution (CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369,
CVE-2013-1370, CVE-2013-1366, CVE-2013-1365, CVE-2013-1368, CVE-2013-0642,
CVE-2013-1367).

This update resolves use-after-free vulnerabilities that could lead to code
execution (CVE-2013-0649, CVE-2013-1374, CVE-2013-0644).

This update resolves an integer overflow vulnerability that could lead to
code execution (CVE-2013-0639).

This update resolves memory corruption vulnerabilities that could lead to
code execution (CVE-2013-0638, CVE-2013-0647).

This update resolves a vulnerability that could result in information
disclosure (CVE-2013-0637).


Updated Packages:
i586:
flash-player-plugin-11.2.202.270-1.mga2.nonfree.i586.rpm
flash-player-plugin-kde-11.2.202.270-1.mga2.nonfree.i586.rpm

x86_64:
flash-player-plugin-11.2.202.270-1.mga2.nonfree.x86_64.rpm
flash-player-plugin-kde-11.2.202.270-1.mga2.nonfree.x86_64.rpm

SRPMS:
flash-player-plugin-11.2.202.270-1.mga2.nonfree.src.rpm


References:
http://www.adobe.com/support/security/bulletins/apsb13-05...
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1374
https://bugs.mageia.org/show_bug.cgi?id=9049
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds