877649 – (CVE-2014-0516) VUL-0: CVE-2014-0516: flash-plugin: same origin policy bypass (APSB14-14)

Bug 877649 (CVE-2014-0516) - VUL-0: CVE-2014-0516: flash-plugin: same origin policy bypass (APSB14-14)

Summary: VUL-0: CVE-2014-0516: flash-plugin: same origin policy bypass (APSB14-14)

Status:	RESOLVED FIXED

Alias:	CVE-2014-0516

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Deadline:	2014-05-21
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/98738/
Whiteboard:	maint:released:sle11-sp3:57437
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2014-05-14 07:49 UTC by Sebastian Krahmer
Modified:	2015-02-19 01:50 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2014-05-14 07:49:01 UTC

rh#1097372



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1097372
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0516

Comment 1 Sebastian Krahmer 2014-05-14 07:52:05 UTC

As this is binary blobbed, we can also add the remaining CVE's
to this BZ:

CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 flash-plugin: security protection bypass (APSB14-14)

http://helpx.adobe.com/security/products/flash-player/apsb14-14.html

Comment 2 Swamp Workflow Management 2014-05-14 12:11:47 UTC

The SWAMPID for this issue is 57410.
This issue was rated as important.
Please submit fixed packages until 2014-05-21.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 3 SMASH SMASH 2014-05-14 12:15:15 UTC

Affected packages:

SLE-11-SP3: flash-player

Comment 4 Stanislav Brabec 2014-05-14 21:51:48 UTC

Submitted:

openSUSE:Factory:NonFree: Created OBS request id 234106.
openSUSE (12.3, 13.1): Created OBS maintenance request id 234104.
SLE11: Created IBS request id 37910.
SLE12: Created IBS request id 37911.

Comment 6 Bernhard Wiedemann 2014-05-14 22:00:15 UTC

This is an autogenerated message for OBS integration:
This bug (877649) was mentioned in
https://build.opensuse.org/request/show/234106 Factory:NonFree / flash-player

Comment 7 Swamp Workflow Management 2014-05-15 22:00:12 UTC

bugbot adjusting priority

Comment 8 Swamp Workflow Management 2014-05-16 19:53:54 UTC

Update released for: flash-player, flash-player-gnome, flash-player-kde4
Products:
SLE-DESKTOP 11-SP3 (i386, x86_64)

Comment 9 Sebastian Krahmer 2014-05-19 07:51:51 UTC

released

Comment 10 Swamp Workflow Management 2014-05-19 12:21:14 UTC

openSUSE-SU-2014:0679-1: An update that fixes 5 vulnerabilities is now available.

Category: security (low)
Bug References: 877649
CVE References: CVE-2014-0516,CVE-2014-0517,CVE-2014-0518,CVE-2014-0519,CVE-2014-0520
Sources used: