Bug 22367

Summary: flash-player-plugin security update 28.0.0.137
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: anssi.hannula, marja11, sysadmin-bugs, tmb
Version: 6Keywords: Security, advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
Whiteboard: mga6-64-ok
Source RPM: flash-player-plugin CVE: CVE-2018-4871
Status comment:

Description Nicolas Salguero 2018-01-10 09:55:38 CET 
Hi,

Version 28.0.0.137 fixes:

An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. (CVE-2018-4871)

Reference:
https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4871

Best regards,

Nico.
Nicolas Salguero 2018-01-10 09:56:18 CET

Whiteboard: (none) => MGA6TOO
CVE: (none) => CVE-2018-4871
Source RPM: (none) => flash-player-plugin

Marja Van Waes 2018-01-10 10:46:02 CET

Assignee: bugsquad => anssi.hannula
CC: (none) => marja11

Comment 1 Anssi Hannula 2018-01-10 15:12:59 CET 
Advisory:
============
Adobe Flash Player 28.0.0.137 addresses an important out-of-bounds read vulnerability that could lead to information exposure (CVE-2018-4871).

References:
https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
============

Updated Flash Player packages have been submitted to mga6 nonfree/updates_testing and to cauldron nonfree/release.

Source packages:
flash-player-plugin-28.0.0.137-1.mga6.nonfree

Binary packages:
flash-player-plugin

Status: NEW => ASSIGNED
CC: (none) => anssi.hannula
URL: (none) => https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
Keywords: (none) => Security
Assignee: anssi.hannula => qa-bugs

Thomas Backlund 2018-01-10 15:44:20 CET

Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
CC: (none) => tmb

Comment 2 claire robinson 2018-01-11 19:02:56 CET 
Tested OK mga6 64

Confirmed version being installed. Checked at adobe flash test page and played some flash games.

Whiteboard: (none) => mga6-64-ok

Lewis Smith 2018-01-12 09:37:55 CET

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2018-01-12 20:50:26 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0072.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED