Bug 854881 (CVE-2013-5331) - VUL-0: CVE-2013-5331 CVE-2013-5332: flash-plugin: multiple code execution flaws (APSB13-28)
Summary: VUL-0: CVE-2013-5331 CVE-2013-5332: flash-plugin: multiple code execution fla...
Status: RESOLVED FIXED
Alias: CVE-2013-5331
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P1 - Urgent : Major
Target Milestone: ---
Deadline: 2013-12-19
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:running:55419:important maint:r...
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-11 08:17 UTC by Sebastian Krahmer
Modified: 2015-02-18 20:35 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2013-12-11 23:00:36 UTC 
bugbot adjusting priority
Comment 2 Alexander Bergmann 2013-12-12 11:40:26 UTC 
http://helpx.adobe.com/security/products/flash-player/apsb13-28.html

Raised Severity/Priority because of remote execution problem.
Comment 3 Swamp Workflow Management 2013-12-12 11:41:19 UTC 
The SWAMPID for this issue is 55419.
This issue was rated as important.
Please submit fixed packages until 2013-12-19.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 4 Swamp Workflow Management 2013-12-12 11:41:30 UTC 
The SWAMPID for this issue is 55420.
This issue was rated as important.
Please submit fixed packages until 2013-12-19.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 5 Swamp Workflow Management 2013-12-12 11:41:43 UTC 
The SWAMPID for this issue is 55421.
This issue was rated as important.
Please submit fixed packages until 2013-12-19.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 6 Stanislav Brabec 2013-12-12 18:42:12 UTC 
Fix submitted:

openSUSE: OBS maintenance request 210716
openSUSE Factory: OBS request id 210718 to multimedia:apps.
SLE11: IBS request id 30128
SLE10: IBS request id 30129 (Note: Previous two updates were not yet published!)
Comment 8 Bernhard Wiedemann 2013-12-13 10:00:34 UTC 
This is an autogenerated message for OBS integration:
This bug (854881) was mentioned in
https://build.opensuse.org/request/show/210762 Factory:NonFree / flash-player
Comment 9 Swamp Workflow Management 2013-12-16 18:49:16 UTC 
Update released for: flash-player, flash-player-gnome, flash-player-kde4
Products:
SLE-DESKTOP 11-SP3 (i386, x86_64)
Comment 10 Swamp Workflow Management 2013-12-16 19:45:43 UTC 
Update released for: flash-player, flash-player-gnome, flash-player-kde4
Products:
SLE-DESKTOP 11-SP2 (i386, x86_64)
Comment 11 Swamp Workflow Management 2013-12-17 00:04:44 UTC 
openSUSE-SU-2013:1898-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 854881
CVE References: CVE-2013-5331,CVE-2013-5332
Sources used:
Comment 12 Marcus Meissner 2013-12-19 10:08:37 UTC 
all released I think.
Comment 13 Swamp Workflow Management 2013-12-19 13:04:26 UTC 
openSUSE-SU-2013:1915-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 854881
CVE References: CVE-2013-5331,CVE-2013-5332
Sources used:
Comment 14 Forgotten User dk0E18_Mkw 2013-12-19 19:57:41 UTC 
openSUSE-2013-992 - update for flash-player (flash-player-kde4) cannot solve dependencies on openSUSE 13.1 KDE-4.11.3 (using kdebase4-runtime - 4.11.3-50.8)   because nothing is able to provide kdebase4-runtime - 4.11.97.

Reference: https://bugzilla.novell.com/show_bug.cgi?id=856344