Bug 858822 (CVE-2014-0491) - VUL-0: flash-player: CVE-2014-0491, CVE-2014-0492: security protection bypass
Summary: VUL-0: flash-player: CVE-2014-0491, CVE-2014-0492: security protection bypass
Status: RESOLVED FIXED
Alias: CVE-2014-0491
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2014-01-30
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp2:55887 maint:...
Keywords:
Depends on:
Blocks:
 
Reported: 2014-01-15 08:45 UTC by Sebastian Krahmer
Modified: 2014-02-21 22:00 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2014-01-15 08:45:54 UTC 
References:

https://bugzilla.redhat.com/show_bug.cgi?id=1053233
https://bugzilla.redhat.com/show_bug.cgi?id=1053235

CVE-2014-0491, CVE-2014-0492
Comment 1 Stanislav Brabec 2014-01-15 19:58:06 UTC 
Submitted:

SLE10: created IBS request id 30646
SLE11: created IBS request id 30647
openSUSE 12.3 and 13.1: created OBS maintenance request id 214051
openSUSE:Factory:NonFree: created OBS request id 214052 to multimedia:apps
Comment 3 Swamp Workflow Management 2014-01-15 23:00:24 UTC 
bugbot adjusting priority
Comment 4 Bernhard Wiedemann 2014-01-16 10:00:16 UTC 
This is an autogenerated message for OBS integration:
This bug (858822) was mentioned in
https://build.opensuse.org/request/show/214073 Factory:NonFree / flash-player
Comment 5 Swamp Workflow Management 2014-01-16 12:37:57 UTC 
The SWAMPID for this issue is 55886.
This issue was rated as moderate.
Please submit fixed packages until 2014-01-30.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 8 Swamp Workflow Management 2014-01-21 12:46:43 UTC 
Update released for: flash-player, flash-player-gnome, flash-player-kde4
Products:
SLE-DESKTOP 11-SP2 (i386, x86_64)
Comment 9 Swamp Workflow Management 2014-01-21 15:07:36 UTC 
Update released for: flash-player, flash-player-gnome, flash-player-kde4
Products:
SLE-DESKTOP 11-SP3 (i386, x86_64)
Comment 10 Swamp Workflow Management 2014-01-21 19:04:57 UTC 
SUSE-SU-2014:0116-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 858822
CVE References: CVE-2014-0491,CVE-2014-0492
Sources used:
SUSE Linux Enterprise Desktop 11 SP3 (src):    flash-player-11.2.202.335-0.4.1
SUSE Linux Enterprise Desktop 11 SP2 (src):    flash-player-11.2.202.335-0.4.1
Comment 11 Swamp Workflow Management 2014-01-24 20:04:36 UTC 
openSUSE-SU-2014:0126-1: An update that fixes two vulnerabilities is now available.

Category: security (low)
Bug References: 858822
CVE References: CVE-2014-0491,CVE-2014-0492
Sources used:
Comment 12 Swamp Workflow Management 2014-01-24 22:04:21 UTC 
openSUSE-SU-2014:0128-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 858822
CVE References: CVE-2014-0491,CVE-2014-0492
Sources used:
Comment 13 Marcus Meissner 2014-01-24 23:10:40 UTC 
released