Bug 23464

Summary: Update request: flash-player-plugin 30.0.0.154
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: mga6-64-ok, mga6-32-ok
Source RPM: flash-player-plugin CVE:
Status comment:

Description Thomas Backlund 2018-08-19 09:32:16 CEST 
Adobe has released a new flash-player:
https://helpx.adobe.com/security/products/flash-player/apsb18-25.html


Out-of-bounds read 	Information Disclosure 	Important 	CVE-2018-12824
Security bypass 	Security Mitigation Bypass 	Important 	CVE-2018-12825
Out-of-bounds read 	Information Disclosure 	Important 	CVE-2018-12826
Out-of-bounds read 	Information Disclosure 	Important 	CVE-2018-12827
Use of a component with a known vulnerability 	Privilege Escalation 	Important 	CVE-2018-12828


(S)RMS: flash-player-plugin-30.0.0.154-1.mga6.nonfree
Comment 1 claire robinson 2018-08-19 17:10:07 CEST 
Testing mga6 64

Confirmed correct version downloaded.

Downloading from http://fpdownload.adobe.com/get/flashplayer/pdc/30.0.0.154/flash-player-ppapi-30.0.0.154-release.x86_64.rpm:

Tested by playing some flash games and version at:
https://helpx.adobe.com/uk/flash-player.html


YOUR SYSTEM INFORMATION
Your Flash Version 30.0.0.154
Your browser name Firefox
Your Operating System (OS) Linux

Whiteboard: (none) => mga6-64-ok

Comment 2 Thomas Backlund 2018-08-19 19:05:38 CEST 
Advisory, added to svn:


type: security
subject: Updated flash-player-plugin packages fix security vulnerabilities
CVE:
 - CVE-2018-12824
 - CVE-2018-12825
 - CVE-2018-12826
 - CVE-2018-12827
 - CVE-2018-12828
src:
  6:
   nonfree:
     - flash-player-plugin-30.0.0.154-1.mga6.nonfree
description: |
  Updated flash-player-plugin packages fix security vulnerabilities:
  * Out-of-bounds read that can lead to Information Disclosure 
    (CVE-2018-12824, CVE-2018-12826, CVE-2018-12827)
  * Security bypass that can lead to Security Mitigation Bypass
    (CVE-2018-12825)
  * Use of a component with a known vulnerability can lead to a
    Privilege Escalation (CVE-2018-12828)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=23464
 - https://helpx.adobe.com/security/products/flash-player/apsb18-25.html

Keywords: (none) => advisory

Comment 3 Thomas Backlund 2018-08-19 19:58:42 CEST 
Works on 32bit too, validating...

Whiteboard: mga6-64-ok => mga6-64-ok, mga6-32-ok
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2018-08-19 20:37:48 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0349.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED