Red Hat Bugzilla – Bug 1188329
CVE-2015-0313 flash-plugin: use-after-free leading to code execution (APSB15-04)
Last modified: 2018-03-01 13:10:31 EST
The following flaw was found in Adobe Flash Player: These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313) External References: https://helpx.adobe.com/security/products/flash-player/apsa15-02.html https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
The updated external reference contains: February 2, 2015 - removed Flash Player version 11.x from the list of affected versions. Version 11.x and earlier do not support the functionality affected by CVE-2015-0313. On the other hand, Adobe Flash Player 11.2.202.442 is available on the FTP server and some of Adobe's webpages link to it. The main pages do link to 11.2.202.440.
This flaw has been previously included in the APSA15-02 advisory: https://helpx.adobe.com/security/products/flash-player/apsa15-02.html where, as stated in comment #1, it is listed as not affecting the 11.x version of flash. The subsequent advisory: https://helpx.adobe.com/security/products/flash-player/apsb15-04.html does not make it clear whether this issue affects the Linux version or not. Considering the update comment from Feb 2 in APSA15-02, closing this as not affected.
> Resolution: --- → NOTABUG That's correct for CVE-2015-0313, but the ...442 update did solve security issues, see: http://helpx.adobe.com/security/products/flash-player/apsb15-04.html
(In reply to Tobias Burnus from comment #3) > > Resolution: --- → NOTABUG > > That's correct for CVE-2015-0313, but the ...442 update did solve security > issues, see: > http://helpx.adobe.com/security/products/flash-player/apsb15-04.html Hi, these are tracked separately in bug 1190068.