Adobe has released Flash Player 11.2.202.400 for Linux to correct the following flaws: * These updates resolve memory leakage vulnerabilities that could be used to bypass memory address randomization (CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545). * These updates resolve a security bypass vulnerability (CVE-2014-0541). * These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2014-0538). External References: http://helpx.adobe.com/security/products/flash-player/apsb14-18.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1051 https://rhn.redhat.com/errata/RHSA-2014-1051.html
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-5333 to the following vulnerability: Name: CVE-2014-5333 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5333 Assigned: 20140818 Reference: http://miki.it/blog/2014/8/15/adobe-really-fixed-rosetta-flash-today/ Reference: http://helpx.adobe.com/security/products/flash-player/apsb14-18.html Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671. (NOTE: we have no way to prove the authenticity of this claim, however MITRE has assigned this CVE and indicates it is due to an incomplete fix for a CVE that was fixed in the prior flash-plugin for Linux, so the assumption that the incomplete fix was in 11.2.202.394 and corrected in 11.2.202.400 (shipped with this erratum) makes sense. It is, however, not noted on Adobe's advisory page, nor is the author of the referenced blog post credited by Adobe on the advisory page.)
APSB14-18 has been updated to note: These updates include a new validation check to handle specially crafted SWF content that can bypass restrictions introduced in version 14.0.0.145. The new restrictions in 14.0.0.176 prevent Flash Player from being used for cross-site request forgery attacks on JSONP endpoints (CVE-2014-5333).