Bug 886472 (CVE-2014-0537) - VUL-0: flash-player: CVE-2014-0537 CVE-2014-0539: flash-plugin: security protection bypass (APSB14-17)
Summary: VUL-0: flash-player: CVE-2014-0537 CVE-2014-0539: flash-plugin: security prot...
Status: RESOLVED FIXED
Alias: CVE-2014-0537
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Critical
Target Milestone: ---
Deadline: 2014-07-14
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/103434/
Whiteboard: maint:released:sle11-sp3:58282
Keywords:
Depends on:
Blocks:
 
Reported: 2014-07-09 15:17 UTC by Victor Pereira
Modified: 2015-02-19 01:50 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2014-07-09 15:17:02 UTC 
CVE-2014-0537 CVE-2014-0539

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and
OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android,
Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137
allow attackers to bypass intended access restrictions via unspecified vectors,
a different vulnerability than CVE-2014-0539.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1117586
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0539
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0537
http://helpx.adobe.com/security/products/flash-player/apsb14-17.html
Comment 1 Victor Pereira 2014-07-09 15:44:39 UTC 
*** Bug 886454 has been marked as a duplicate of this bug. ***
Comment 4 Bernhard Wiedemann 2014-07-09 17:00:12 UTC 
This is an autogenerated message for OBS integration:
This bug (886472) was mentioned in
https://build.opensuse.org/request/show/240006 Factory:NonFree / flash-player
Comment 6 Swamp Workflow Management 2014-07-09 22:00:21 UTC 
bugbot adjusting priority
Comment 7 Swamp Workflow Management 2014-07-10 14:43:37 UTC 
An update workflow for this issue was started.
This issue was rated as critical.
Please submit fixed packages until 2014-07-14.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58266
Comment 8 SMASH SMASH 2014-07-10 14:45:20 UTC 
Affected packages:

SLE-11-SP1: flash-player
Comment 11 Swamp Workflow Management 2014-07-15 01:46:18 UTC 
Update released for: flash-player, flash-player-gnome, flash-player-kde4
Products:
SLE-DESKTOP 11-SP3 (i386, x86_64)
Comment 12 Swamp Workflow Management 2014-07-15 05:04:27 UTC 
SUSE-SU-2014:0897-1: An update that fixes three vulnerabilities is now available.

Category: security (critical)
Bug References: 886472
CVE References: CVE-2014-0537,CVE-2014-0539,CVE-2014-4671
Sources used:
SUSE Linux Enterprise Desktop 11 SP3 (src):    flash-player-11.2.202.394-0.3.1
Comment 14 Swamp Workflow Management 2014-07-16 10:04:23 UTC 
openSUSE-SU-2014:0903-1: An update that fixes three vulnerabilities is now available.

Category: security (critical)
Bug References: 886472
CVE References: CVE-2014-0537,CVE-2014-0539,CVE-2014-4671
Sources used:
Comment 15 Swamp Workflow Management 2014-07-17 07:04:40 UTC 
openSUSE-SU-2014:0913-1: An update that fixes three vulnerabilities is now available.

Category: security (critical)
Bug References: 886472
CVE References: CVE-2014-0537,CVE-2014-0539,CVE-2014-4671
Sources used: