|
|
Subscribe / Log in / New account

Mageia alert MGASA-2016-0134 (flash-player-plugin)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0134: Updated flash-player-plugin packages fix security vulnerability 


Date:
    	      Fri, 8 Apr 2016 08:17:54 +0200


Message-ID:
    	      <20160408061754.135699F640@duvel.mageia.org>


MGASA-2016-0134 - Updated flash-player-plugin packages fix security vulnerability

Publication date: 08 Apr 2016
URL: http://advisories.mageia.org/MGASA-2016-0134.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-1006,
     CVE-2016-1011,
     CVE-2016-1012,
     CVE-2016-1013,
     CVE-2016-1014,
     CVE-2016-1015,
     CVE-2016-1016,
     CVE-2016-1017,
     CVE-2016-1018,
     CVE-2016-1019,
     CVE-2016-1020,
     CVE-2016-1021,
     CVE-2016-1022,
     CVE-2016-1023,
     CVE-2016-1024,
     CVE-2016-1025,
     CVE-2016-1026,
     CVE-2016-1027,
     CVE-2016-1028,
     CVE-2016-1029,
     CVE-2016-1030,
     CVE-2016-1031,
     CVE-2016-1032,
     CVE-2016-1033

Description:
Adobe Flash Player 11.2.202.616 contains fixes to critical security
vulnerabilities found in earlier versions that could potentially allow
an attacker to take control of the affected system.

This update hardens a mitigation against JIT spraying attacks that could
be used to bypass memory layout randomization mitigations (CVE-2016-1006).

This update resolves type confusion vulnerabilities that could lead to code
execution (CVE-2016-1015, CVE-2016-1019).

This update resolves use-after-free vulnerabilities that could lead to code
execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, CVE-2016-1017,
CVE-2016-1031).

This update resolves memory corruption vulnerabilities that could lead to code
execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,
CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027,
CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033).

This update resolves a stack overflow vulnerability that could lead to code
execution (CVE-2016-1018).

This update resolves a security bypass vulnerability (CVE-2016-1030).

This update resolves a vulnerability in the directory search path used to find
resources that could lead to code execution (CVE-2016-1014).

Adobe reports that CVE-2016-1019 is already being actively exploited on Windows
systems.

References:
- https://bugs.mageia.org/show_bug.cgi?id=18158
- https://helpx.adobe.com/security/products/flash-player/ap...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1006
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1012
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1013
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1014
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1015
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1016
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1017
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1018
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1019
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1020
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1021
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1022
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1023
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1024
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1025
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1026
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1027
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1028
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1029
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1030
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1031
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1032
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1033
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1006
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1011
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1012
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1013
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1014
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1015
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1016
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1017
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1018
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1019
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1020
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1021
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1022
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1023
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1024
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1025
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1026
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1027
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1028
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1029
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1030
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1031
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1032
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1033

SRPMS:
- 5/nonfree/flash-player-plugin-11.2.202.616-1.mga5.nonfree
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds