{"id":"MGASA-2015-0273","summary":"Updated flash-player-plugin package fixes critical security vulnerabilities","details":"Adobe Flash Player 11.2.202.481 contains fixes to critical security\nvulnerabilities found in earlier versions that could potentially allow an\nattacker to take control of the affected system.\n\nAdobe is aware of a report that an exploit targeting CVE-2015-5119 has\nbeen publicly published. \n\nThis updates resolves heap buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118).\n\nThis updates resolves memory corruption vulnerabilities that could lead to\ncode execution (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130,\nCVE-2015-3133, CVE-2015-3134, CVE-2015-4431).\n\nThis updates resolves null pointer dereference issues (CVE-2015-3126,\nCVE-2015-4429).\n\nThis updates resolves a security bypass vulnerability that could lead to\ninformation disclosure (CVE-2015-3114).\n\nThis updates resolves type confusion vulnerabilities that could lead to\ncode execution (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121,\nCVE-2015-3122, CVE-2015-4433).\n\nThis updates resolves use-after-free vulnerabilities that could lead to\ncode execution (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117,\nCVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132,\nCVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119).\n\nThis updates resolves vulnerabilities that could be exploited to bypass\nthe same-origin-policy and lead to information disclosure (CVE-2014-0578,\nCVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116).\n","modified":"2026-04-16T06:23:28.159055701Z","published":"2015-07-09T08:09:20Z","upstream":["CVE-2014-0578","CVE-2015-3114","CVE-2015-3115","CVE-2015-3116","CVE-2015-3117","CVE-2015-3118","CVE-2015-3119","CVE-2015-3120","CVE-2015-3121","CVE-2015-3122","CVE-2015-3123","CVE-2015-3124","CVE-2015-3125","CVE-2015-3126","CVE-2015-3127","CVE-2015-3128","CVE-2015-3129","CVE-2015-3130","CVE-2015-3131","CVE-2015-3132","CVE-2015-3133","CVE-2015-3134","CVE-2015-3135","CVE-2015-3136","CVE-2015-3137","CVE-2015-4428","CVE-2015-4429","CVE-2015-4430","CVE-2015-4431","CVE-2015-4432","CVE-2015-4433","CVE-2015-5116","CVE-2015-5117","CVE-2015-5118","CVE-2015-5119"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0273.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=16325"},{"type":"WEB","url":"https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"}],"affected":[{"package":{"name":"flash-player-plugin","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.2.202.481-1.mga4.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0273.json"}},{"package":{"name":"flash-player-plugin","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.2.202.481-1.mga5.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0273.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}