| Summary: | flash-player-plugin security update 24.0.0.221 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | | |
| Priority: | Normal | CC: | andrewsfarm, contact, davidwhodgins, mhrambo3501, sysadmin-bugs, tarazed25 |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA5-32-OK advisory MGA5-64-OK | | |
| Source RPM: | flash-player-plugin | CVE: | |
| Status comment: | | | |

Description
Nicolas Salguero
2017-02-15 09:55:27 CET
Nicolas Salguero
2017-02-15 09:56:36 CET
Source RPM: (none) => flash-player-plugin
David Walser
2017-02-15 11:33:53 CET
Assignee: bugsquad => anssi.hannula

I'm glad to see this one in the pipeline. I discovered this morning, when I wanted to look up a John Deere part number, that the 64-bit flash player installer that's currently in the Cauldron repositories no longer works. This is probably because it pulls in the plugin from Adobe, and Adobe no longer lists that version as available for download. I just made this Cauldron install a few days ago, and I installed the plugin at that time, but didn't realize it had not worked. I wound up having to download the latest version directly from Adobe.

CC: (none) => andrewsfarm

Hi, I modified the spec file to match the new version and moved two URLs that are not good. The files download well, but the function checksha256sum always returns false and the script does not install the package. Without the checksha256sum test, the downloaded file is correctly installed.

CC: (none) => contact

An updated package (version 24.0.0.221) was pushed for cauldron earlier today.

CC: (none) => mrambo

Updated package uploaded for Mageia 5.

Advisory:
========================

Updated flash-player-plugin package fixes security vulnerabilities:

* A type confusion vulnerability that could lead to code execution (CVE-2017-2995).
* An integer overflow vulnerability that could lead to code execution (CVE-2017-2987).
* Use-after-free vulnerabilities that could lead to code execution (CVE-2017-2982, CVE-2017-2985, CVE-2017-2993, CVE-2017-2994).
* Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2984, CVE-2017-2986, CVE-2017-2992).
* Memory corruption vulnerabilities that could lead to code execution (CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2996).

References:
https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
========================

Updated packages in nonfree/updates_testing:
========================
flash-player-plugin-24.0.0.221-1.mga5
flash-player-plugin-kde-24.0.0.221-1.mga5

from flash-player-plugin-24.0.0.221-1.mga5.src.rpm

Version: Cauldron => 5

x86_64

Tried Youtube and Vevo in firefox and youtube-dl for good measure. Sound and vision working fine.

CC: (none) => tarazed25

Installed the plugins in i586 virtualbox and played Youtube videos in firefox. pavucontrol showed that sound was being processed.

Searched the system for plugin references.

$ locate flash-player-plugin
/usr/lib/flash-player-plugin
/usr/lib/flash-player-plugin/doc
/usr/lib/flash-player-plugin/libflashplayer.so
/usr/lib/flash-player-plugin/doc/LGPL.txt
/usr/lib/flash-player-plugin/doc/license.pdf
/usr/lib/flash-player-plugin/doc/notice.txt
/usr/lib/flash-player-plugin/doc/readme.txt
/usr/share/flash-player-plugin
/usr/share/doc/flash-player-plugin
/usr/share/doc/flash-player-plugin/README.mageia
/usr/share/flash-player-plugin/functions
/usr/share/mageiawelcome/img/flash-player-plugin.png
/var/lib/flash-player-plugin
/var/lib/flash-player-plugin/flash-player-npapi-24.0.0.221-release.i386.rpm

The plugin registry for firefox was changed at this time.

$ ls -l .mozilla/firefox/t0ka4zqf.default/pluginreg.dat
-rw------- 1 lcl lcl 9596 Mar 7 18:08 .mozilla/firefox/t0ka4zqf.default/pluginreg.dat
$ strings pluginreg.dat | grep flashplayer
libflashplayer.so:$
/usr/lib/flash-player-plugin/libflashplayer.so:$

Len Lawrence
2017-03-07 19:59:26 CET
Whiteboard: (none) => MGA5-32-OK
Dave Hodgins
2017-03-07 23:01:19 CET
CC: (none) => davidwhodgins

Fine here with https://www.adobe.com/software/flash/about/ and various other websites. Validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0075.html

Status: NEW => RESOLVED