Bugzilla – Bug 882187
VUL-0: CVE-2014-0531: flash-player: Multiple vulnerabilities
Last modified: 2014-06-18 05:55:10 UTC
Adobe has released Flash Player 11.2.202.378 for Linux to correct the following flaws: These updates resolve cross-site-scripting vulnerabilities (CVE-2014-0531, CVE-2014-0532, CVE-2014-0533). These updates resolve security bypass vulnerabilities (CVE-2014-0534, CVE-2014-0535). These updates resolve a memory corruption vulnerability that could result in arbitrary code execution (CVE-2014-0536). http://helpx.adobe.com/security/products/flash-player/apsb14-16.html References: https://bugzilla.redhat.com/show_bug.cgi?id=1107822 https://bugzilla.redhat.com/show_bug.cgi?id=1107823 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0536 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0535 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0534 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0533 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0532 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0531
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-06-18. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/57781
Affected packages: SLE-11-SP3: flash-player
Submitted. openSUSE 12.3, 13.1: created OBS maintenance request id 236916 openSUSE:Factory:NonFree: created OBS request id 236918 SLE11: created IBS request id 39347 SLE12: created IBS request id 39348 As Adobe again changed the flashplayer_11_sa.i386.tar.gz contents, I improved the stuff a bit. Now it accepts both forms of this file seen in past: - only "flashplayer" binary packaged - the whole tree packaged, with top directory named "install_flash_player_linux_sa" and "flashplayer" binary residing there together with other stuff we don't need.
This is an autogenerated message for OBS integration: This bug (882187) was mentioned in https://build.opensuse.org/request/show/236918 Factory:NonFree / flash-player
bugbot adjusting priority
openSUSE-SU-2014:0798-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 882187 CVE References: CVE-2014-0531,CVE-2014-0532,CVE-2014-0533,CVE-2014-0534,CVE-2014-0535,CVE-2014-0536 Sources used:
openSUSE-SU-2014:0799-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 882187 CVE References: CVE-2014-0531,CVE-2014-0532,CVE-2014-0533,CVE-2014-0534,CVE-2014-0535,CVE-2014-0536 Sources used:
released
Update released for: flash-player, flash-player-gnome, flash-player-kde4 Products: SLE-DESKTOP 11-SP3 (i386, x86_64)
SUSE-SU-2014:0806-1: An update that fixes 6 vulnerabilities is now available. Category: security (important) Bug References: 882187 CVE References: CVE-2014-0531,CVE-2014-0532,CVE-2014-0533,CVE-2014-0534,CVE-2014-0535,CVE-2014-0536 Sources used: SUSE Linux Enterprise Desktop 11 SP3 (src): flash-player-11.2.202.378-0.3.1