{"id":"MGASA-2015-0248","summary":"Updated flash-player-plugin package fixes security vulnerability","details":"Adobe Flash Player 11.2.202.468 contains fixes to critical security\nvulnerabilities found in earlier versions that could cause a crash and\npotentially allow an attacker to take control of the affected system.\n\nAdobe is aware of reports that CVE-2015-3113 is being actively exploited in\nthe wild via limited, targeted attacks. Systems running Internet Explorer\nfor Windows 7 and below, as well as Firefox on Windows XP, are known targets.\n\nThis update resolves a heap buffer overflow vulnerability that could lead to\ncode execution (CVE-2015-3113).\n\nThis update resolves a vulnerability (CVE-2015-3096) that could be exploited\nto bypass the fix for CVE-2014-5333.\n\nThis update resolves vulnerabilities that could be exploited to bypass the\nsame-origin-policy and lead to information disclosure (CVE-2015-3098,\nCVE-2015-3099, CVE-2015-3102).\n\nThis update resolves a stack overflow vulnerability that could lead to code\nexecution (CVE-2015-3100).\n\nThis update resolves a permission issue in the Flash broker for Internet\nExplorer that could be exploited to perform privilege escalation from low to\nmedium integrity level (CVE-2015-3101).    \n\nThis update resolves an integer overflow vulnerability that could lead to\ncode execution (CVE-2015-3104).\n\nThis update resolves a memory corruption vulnerability that could lead to\ncode execution (CVE-2015-3105).\n\nThis update resolves use-after-free vulnerabilities that could lead to\ncode execution (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107).\n\nThis update resolves a memory leak vulnerability that could be used to\nbypass ASLR (CVE-2015-3108).\n","modified":"2026-04-16T06:24:07.398045845Z","published":"2015-06-24T05:58:28Z","upstream":["CVE-2015-3096","CVE-2015-3098","CVE-2015-3099","CVE-2015-3100","CVE-2015-3101","CVE-2015-3102","CVE-2015-3103","CVE-2015-3104","CVE-2015-3105","CVE-2015-3106","CVE-2015-3107","CVE-2015-3108","CVE-2015-3113"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0248.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=16139"},{"type":"WEB","url":"https://helpx.adobe.com/security/products/flash-player/apsb15-11.html"},{"type":"WEB","url":"https://helpx.adobe.com/security/products/flash-player/apsb15-14.html"}],"affected":[{"package":{"name":"flash-player-plugin","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.2.202.468-1.mga4.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0248.json"}},{"package":{"name":"flash-player-plugin","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.2.202.468-1.mga5.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0248.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}