Bugzilla – Bug 907257
VUL-0: CVE-2014-8439 flash-player: hardening against a code execution flaw (APSB14-26)
Last modified: 2015-04-16 11:05:35 UTC
rh#1168057

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1168057
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8439
http://helpx.adobe.com/security/products/flash-player/apsb14-26.html
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-12-03. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/59805
Submitted:
openSUSE:Factory:NonFree: Created OBS request id 263173.
openSUSE:13.2:NonFree:Update (it is not included in Maintenance yet): Created OBS maintenance/submit request id 263174.
openSUSE:Maintenance (12.3, 13.1): Created OBS maintenance request id 263176.
SLE12: Created IBS maintenance request id 46719.
SLE11: Created IBS request id 46721.
If the processing of the previous security update is not yet done, feel free to cancel it. The new changelog includes the old one and there are no other things to merge.
bugbot adjusting priority
OOPS. I mentioned a bad bug id in the changes file. Resubmitting everything once again:
Submitted:
openSUSE:Factory:NonFree: Created OBS request id 263244.
openSUSE:13.2:NonFree:Update (it is not included in Maintenance yet): Created OBS maintenance/submit request id 263245.
openSUSE:Maintenance (12.3, 13.1): Created OBS maintenance request id 263242.
SLE12: Created IBS maintenance request id 46741.
SLE11: Created IBS request id 46740.
This is an autogenerated message for OBS integration: This bug (907257) was mentioned in https://build.opensuse.org/request/show/263244 Factory:NonFree / flash-player https://build.opensuse.org/request/show/263245 13.2:NonFree / flash-player
SUSE-SU-2014:1542-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 907257 CVE References: CVE-2014-8439 Sources used:
SUSE-SU-2014:1545-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 907257 CVE References: CVE-2014-8439 Sources used: SUSE Linux Enterprise Desktop 11 SP3 (src): flash-player-11.2.202.424-0.3.1
The openSUSE:13.2 submission from comment 6 was declined. Please resubmit. I'm also a bit puzzled why the CVEs from version 11.2.202.418 were listed as new in that submission. Version 11.2.202.418 was already released.
openSUSE-SU-2014:1562-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 907257 CVE References: CVE-2014-8439 Sources used:
(In reply to Alexander Bergmann from comment #9)
Please resubmit using
osc mbranch flash-player
Don't use the previously branched project, there were some errors in the maintained data.
Resubmitted the same from a new subproject as OSC maintenance request 264176. I don't know what was broken. changes and patchinfo seem to be correct and CVE-2014-8439 is unique for the latest version.
This is an autogenerated message for OBS integration: This bug (907257) was mentioned in https://build.opensuse.org/request/show/264954 13.2:NonFree / flash-player_NonFree_Update
Released for all products.
openSUSE-SU-2015:0725-1: An update that fixes 45 vulnerabilities is now available. Category: security (important) Bug References: 856386,901334,905032,907257,909219,913057,914333,914463,922033,927089 CVE References: CVE-2014-0558,CVE-2014-0564,CVE-2014-0569,CVE-2014-0573,CVE-2014-0574,CVE-2014-0576,CVE-2014-0577,CVE-2014-0581,CVE-2014-0582,CVE-2014-0583,CVE-2014-0584,CVE-2014-0585,CVE-2014-0586,CVE-2014-0588,CVE-2014-0589,CVE-2014-0590,CVE-2014-8437,CVE-2014-8438,CVE-2014-8440,CVE-2014-8441,CVE-2014-8442,CVE-2015-0331,CVE-2015-0332,CVE-2015-0346,CVE-2015-0347,CVE-2015-0348,CVE-2015-0349,CVE-2015-0350,CVE-2015-0351,CVE-2015-0352,CVE-2015-0353,CVE-2015-0354,CVE-2015-0355,CVE-2015-0356,CVE-2015-0357,CVE-2015-0358,CVE-2015-0359,CVE-2015-0360,CVE-2015-3038,CVE-2015-3039,CVE-2015-3040,CVE-2015-3041,CVE-2015-3042,CVE-2015-3043,CVE-2015-3044 Sources used: