Bug 862288 (CVE-2014-0497) - VUL-0: CVE-2014-0497: flash-player: critical remote execution flaw (APSB14-04)
Summary: VUL-0: CVE-2014-0497: flash-player: critical remote execution flaw (APSB14-04)
Status: RESOLVED FIXED
Duplicates: 862220
Alias: CVE-2014-0497
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Major
Target Milestone: ---
Deadline: 2014-02-12
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: maint:released:sle11-sp2:56134 maint...
Reported: 2014-02-05 08:09 UTC by Alexander Bergmann
Modified: 2014-02-21 22:00 UTC
Found By: Security Response Team
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexander Bergmann 2014-02-05 08:09:54 UTC
Adobe Vulnerability Identifier: APSB14-04

Summary
-------
Adobe has released security updates for Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system.

* Users of Adobe Flash Player 11.2.202.335 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.336.

CVE-2014-0497 was assigned to this issue.


References:
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0497
https://bugzilla.redhat.com/show_bug.cgi?id=1061469
Comment 1 Swamp Workflow Management 2014-02-05 08:18:15 UTC
The SWAMPID for this issue is 56133.
This issue was rated as important.
Please submit fixed packages by 2014-02-12.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 2 Stanislav Brabec 2014-02-05 19:33:56 UTC
openSUSE 12.3, 13.1: Created OBS maintenance request id 221045
SLE 11: created IBS request id 31754
openSUSE:Factory:NonFree: created OBS request id 221047
Comment 4 Bernhard Wiedemann 2014-02-05 20:00:18 UTC
This is an autogenerated message for OBS integration:
This bug (862288) was mentioned in
https://build.opensuse.org/request/show/221047 Factory:NonFree / flash-player
Comment 5 Swamp Workflow Management 2014-02-05 23:02:59 UTC
bugbot adjusting priority
Comment 6 Swamp Workflow Management 2014-02-06 18:04:31 UTC
openSUSE-SU-2014:0203-1: An update that fixes one vulnerability is now available.

Category: security (critical)
Bug References: 862288
CVE References: CVE-2014-0497
Sources used:
Comment 7 Marcus Meissner 2014-02-11 10:48:23 UTC
released
Comment 8 Swamp Workflow Management 2014-02-11 13:08:38 UTC
Update released for: flash-player, flash-player-gnome, flash-player-kde4
Products:
SLE-DESKTOP 11-SP2 (i386, x86_64)
Comment 9 Swamp Workflow Management 2014-02-11 14:47:51 UTC
Update released for: flash-player, flash-player-gnome, flash-player-kde4
Products:
SLE-DESKTOP 11-SP3 (i386, x86_64)
Comment 10 Stanislav Brabec 2014-02-11 15:39:52 UTC
*** Bug 862220 has been marked as a duplicate of this bug. ***
Comment 11 Swamp Workflow Management 2014-02-11 18:04:44 UTC
SUSE-SU-2014:0221-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 862288
CVE References: CVE-2014-0497
Sources used:
SUSE Linux Enterprise Desktop 11 SP3 (src):    flash-player-11.2.202.336-0.3.1
SUSE Linux Enterprise Desktop 11 SP2 (src):    flash-player-11.2.202.336-0.3.1