Bug 22023

Summary: Security update request for flash-player-plugin, to 27.0.0.187
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: jim, petlaw726, sysadmin-bugs, tmb
Version: 6Keywords: Security, advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
Whiteboard: MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-64-OK MGA6-32-OK
Source RPM: flash-player-plugin CVE: CVE-2017-3112, CVE-2017-3114, CVE-2017-11213, CVE-2017-11215, CVE-2017-11225
Status comment:

Description Anssi Hannula 2017-11-14 18:34:18 CET 
Advisory:
============
Adobe Flash Player 27.0.0.187 addresses critical vulnerabilities that could lead to code execution.

The update fixes out-of-bounds reads (CVE-2017-3112, CVE-2017-3114, CVE-2017-11213) and use-after-free issues (CVE-2017-11215, CVE-2017-11225).

References:
https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
============

Updated Flash Player packages have been submitted to mga5+mga6 nonfree/updates_testing.

Source packages:
flash-player-plugin-27.0.0.187-1.mga6.nonfree
flash-player-plugin-27.0.0.187-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde (mga5 only)
Anssi Hannula 2017-11-14 18:34:31 CET

Whiteboard: (none) => MGA5TOO

Comment 1 David Walser 2017-11-15 03:30:50 CET 
Confirmed a successful update on Mageia 5 i586 and x86_64.

Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OK MGA5-64-OK

Comment 2 James Kerr 2017-11-15 11:51:06 CET 
On mga6-64

package installed cleanly:
flash-player-plugin-27.0.0.187-1.mga6.nonfree.x86_64

Confirmed latest version installed at:
https://helpx.adobe.com/flash-player.html

OK for mga6-64

Whiteboard: MGA5TOO MGA5-32-OK MGA5-64-OK => MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-64-OK
CC: (none) => jim

Comment 3 James Kerr 2017-11-15 12:05:54 CET 
On mag6-32 in  a vbox VM

package installed cleanly:
flash-player-plugin-27.0.0.187-1.mga6.nonfree.i586 

confirmed latest version installed at
https://helpx.adobe.com/flash-player.html

OK for mga6-32

Whiteboard: MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-64-OK => MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-64-OK MGA6-32-OK

Comment 4 James Kerr 2017-11-15 12:10:40 CET 
now validated

the advisory needs to be uploaded to SVN

the update can then be pushed

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 James Kerr 2017-11-15 12:29:41 CET 
*** Bug 22028 has been marked as a duplicate of this bug. ***

CC: (none) => petlaw726

Comment 6 Thomas Backlund 2017-11-16 08:15:29 CET 
advisory added

CC: (none) => tmb
Keywords: (none) => advisory

Comment 7 Mageia Robot 2017-11-16 08:40:19 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2017-0410.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED