|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0291 (flash-player-plugin)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0291: Updated flash-player-plugin packages fix multiple vulnerabilities 


Date:
    	      Thu, 10 Jul 2014 01:21:44 +0200


Message-ID:
    	      <20140709232144.573EF5C39C@valstar.mageia.org>


MGASA-2014-0291 - Updated flash-player-plugin packages fix multiple vulnerabilities

Publication date: 09 Jul 2014
URL: http://advisories.mageia.org/MGASA-2014-0291.html
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-4671,
     CVE-2014-0537,
     CVE-2014-0539

Description:
Adobe Flash Player 11.2.202.394 contains fixes to critical security 
vulnerabilities found in earlier versions that could potentially allow an 
attacker to take control of the affected system.

This update includes additional validation checks to ensure that Flash Player
rejects malicious content from vulnerable JSONP callback APIs (CVE-2014-4671).

This update resolves security bypass vulnerabilities 
(CVE-2014-0537, CVE-2014-0539).

References:
- http://helpx.adobe.com/security/products/flash-player/aps...
- https://bugs.mageia.org/show_bug.cgi?id=13706
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4671
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0537
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0539

SRPMS:
- 4/nonfree/flash-player-plugin-11.2.202.394-1.mga4
- 3/nonfree/flash-player-plugin-11.2.202.394-1.mga3
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds