Bug 875577 (CVE-2014-0515) - VUL-0: CVE-2014-0515: flash-player: buffer overflow vulnerability that leads to arbitrary code execution (APSB14-13)
Status: RESOLVED FIXED
Alias: CVE-2014-0515
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Major
Target Milestone: ---
Deadline: 2014-05-06
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/98359/
Whiteboard: maint:released:sle11-sp3:57151
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-29 06:48 UTC by Alexander Bergmann
Modified: 2014-05-05 07:19 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexander Bergmann 2014-04-29 06:48:57 UTC
Adobe Security Bulletin
Security updates available for Adobe Flash Player

Release date: April 28, 2014
Vulnerability identifier: APSB14-13
Priority: See table below
CVE number: CVE-2014-0515
Platform: All Platforms

Summary
Adobe has released security updates for Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. 


Acknowledgments
Adobe would like to thank Alexander Polyakov of Kaspersky Labs for reporting CVE-2014-0515 and for working with Adobe to help protect our customers.

References:
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
https://bugzilla.redhat.com/show_bug.cgi?id=1092116
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0515
Comment 1 Swamp Workflow Management 2014-04-29 06:53:12 UTC
The SWAMPID for this issue is 57150.
This issue was rated as important.
Please submit fixed packages by 2014-05-06.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 2 SMASH SMASH 2014-04-29 06:55:16 UTC
Affected packages:

SLE-11-SP3: flash-player
Comment 3 Stanislav Brabec 2014-04-29 15:51:53 UTC
Submitted:

openSUSE:Factory:NonFree: Created OBS request id 232069.
openSUSE (12.3, 13.1): Created OBS maintenance request id 232070.
SLE11: Created IBS request id 36997.
SLE12: Created IBS request id 36998.
Comment 5 Bernhard Wiedemann 2014-04-29 16:00:16 UTC
This is an autogenerated message for OBS integration:
This bug (875577) was mentioned in
https://build.opensuse.org/request/show/232069 Factory:NonFree / flash-player
Comment 6 Swamp Workflow Management 2014-04-29 22:00:12 UTC
bugbot adjusting priority
Comment 7 Swamp Workflow Management 2014-04-30 08:05:48 UTC
openSUSE-SU-2014:0585-1: An update that fixes one vulnerability is now available.

Category: security (critical)
Bug References: 875577
CVE References: CVE-2014-0515
Sources used:
Comment 8 Swamp Workflow Management 2014-05-01 19:04:21 UTC
openSUSE-SU-2014:0589-1: An update that fixes one vulnerability is now available.

Category: security (critical)
Bug References: 875577
CVE References: CVE-2014-0515
Sources used:
Comment 9 Alexander Bergmann 2014-05-02 15:05:17 UTC
Fixed and released. Closing bug.
Comment 10 Swamp Workflow Management 2014-05-02 19:47:05 UTC
Update released for: flash-player, flash-player-gnome, flash-player-kde4
Products:
SLE-DESKTOP 11-SP3 (i386, x86_64)
Comment 11 Swamp Workflow Management 2014-05-02 23:04:24 UTC
SUSE-SU-2014:0605-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 875577
CVE References: CVE-2014-0515
Sources used:
SUSE Linux Enterprise Desktop 11 SP3 (src):    flash-player-11.2.202.356-0.3.1