Bug 21703

Summary: Security update request for flash-player-plugin, to 27.0.0.130
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs
Version: 6Keywords: Security, advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://helpx.adobe.com/security/products/flash-player/apsb17-28.html
Whiteboard: MGA5TOO MGA5-64-OK MGA5-32-OK MGA6-64-OK MGA6-32-OK
Source RPM: flash-player-plugin CVE: CVE-2017-11281, CVE-2017-11282
Status comment:

Description Anssi Hannula 2017-09-13 20:07:31 CEST 
Advisory:
============
Adobe Flash Player 27.0.0.130 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update addresses two memory corruption vulnerabilities that could lead to code execution (CVE-2017-11281, CVE-2017-11282).

References:
https://helpx.adobe.com/security/products/flash-player/apsb17-28.html
============

Updated Flash Player packages have been submitted to mga5+mga6 nonfree/updates_testing.

Source packages:
flash-player-plugin-27.0.0.130-1.mga6.nonfree
flash-player-plugin-27.0.0.130-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde (mga5 only)
Anssi Hannula 2017-09-13 20:08:32 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 Dave Hodgins 2017-09-13 21:22:43 CEST 
Install cleanly on Mageia 5 x86_64.
http://get.adobe.com/flashplayer/about/ shows version 27.0.0.130 installed.

Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK
CC: (none) => davidwhodgins

Dave Hodgins 2017-09-13 21:27:08 CEST

Keywords: (none) => advisory

Comment 2 Dave Hodgins 2017-09-13 22:01:44 CEST 
Ok on both arches, both releases. Validating the update.

Keywords: (none) => validated_update
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA5-32-OK MGA6-64-OK MGA6-32-OK
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2017-09-14 20:22:26 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0339.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED