MGASA-2015-0109
- Source
- https://advisories.mageia.org/MGASA-2015-0109.html
- Import Source
- https://advisories.mageia.org/MGASA-2015-0109.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2015-0109
- Upstream
- Published
- 2015-03-14T18:44:24Z
- Modified
- 2026-04-16T06:25:04.227017106Z
- Summary
- Updated flash-player-plugin package fixes security vulnerabilities
- Details
-
Adobe Flash Player 11.2.202.451 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system.
This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339).
This update resolves type confusion vulnerabilities that could lead to code execution (CVE-2015-0334, CVE-2015-0336).
This update resolves a vulnerability that could lead to a cross-domain policy bypass (CVE-2015-0337).
This update resolves a vulnerability that could lead to a file upload restriction bypass (CVE-2015-0340).
This update resolves an integer overflow vulnerability that could lead to code execution (CVE-2015-0338).
This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2015-0341, CVE-2015-0342).
Additionally, the Flash Plugin package downloaded from Adobe is now verified using recorded sha256sum and file size instead of using insecure md5sum (mga#15229).
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:4 / flash-player-plugin
Package
- Name
- flash-player-plugin
- Purl
- pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-4