Bug 21883

Summary: Security update request for flash-player-plugin, to 27.0.0.170
Product: Mageia
Component: Security
Reporter: Anssi Hannula <anssi.hannula>
Assignee: QA Team <qa-bugs>
QA Contact: Sec team <security>
Status: RESOLVED FIXED
Severity: major
Priority: High
CC: davidwhodgins, mageia, sysadmin-bugs
Version: 6
Keywords: Security, advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
URL: https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
Whiteboard: MGA5TOO MGA5-64-OK MGA6-64-OK
Source RPM: flash-player-plugin
CVE: CVE-2017-11292
Status comment:

Description Anssi Hannula 2017-10-16 16:37:13 CEST
Advisory:
============
Adobe Flash Player 27.0.0.170 addresses a critical type confusion vulnerability that could lead to code execution (CVE-2017-11292).

Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows.

References:
https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
============

Updated Flash Player packages have been submitted to mga5+mga6 nonfree/updates_testing.

Source packages:
flash-player-plugin-27.0.0.170-1.mga6.nonfree
flash-player-plugin-27.0.0.170-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde (mga5 only)

Anssi Hannula 2017-10-16 16:37:33 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 PC LX 2017-10-17 01:48:58 CEST
Installed and tested without issues.

Tested using Firefox and Konqueror with several flash games and videos. All seems OK.

System: Mageia 5, x86_64, Plasma DE, Intel CPU, nVidia GPU using proprietary driver nvidia340.

$ uname -a
Linux marte 4.4.92-desktop-1.mga5 #1 SMP Thu Oct 12 20:14:45 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q flash-player-plugin
flash-player-plugin-27.0.0.170-1.mga5.nonfree

Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK
CC: (none) => mageia

Comment 2 Dave Hodgins 2017-10-17 02:53:32 CEST
Confirmed ok on Mageia 6 x86_64.
Advisory committed to svn.
Validating the update.

Keywords: (none) => advisory, validated_update
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Mageia Robot 2017-10-18 22:20:37 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2017-0377.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED