Bug 23841

Summary: flash-player-plugin security update 31.0.0.148
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: davidwhodgins, sysadmin-bugs
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-64-OK
Source RPM: flash-player-plugin CVE: CVE-2018-15978
Status comment:

Description Nicolas Salguero 2018-11-14 09:10:21 CET 
Hi,

Version 31.0.0.148 fixes CVE-2018-15978.

References:
https://helpx.adobe.com/security/products/flash-player/apsb18-39.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15978

Best regards,

Nico.
Nicolas Salguero 2018-11-14 09:10:43 CET

Whiteboard: (none) => MGA6TOO
CVE: (none) => CVE-2018-15978
Source RPM: (none) => flash-player-plugin

Comment 1 Nicolas Salguero 2018-11-14 09:30:29 CET 
Suggested advisory:
========================

Updated flash-player-plugin package fixes a security vulnerability:

An important vulnerability in Adobe Flash Player 31.0.0.122 and earlier versions.  Successful exploitation could lead to information disclosure. (CVE-2018-15978)

References:
https://helpx.adobe.com/security/products/flash-player/apsb18-39.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15978
========================

Updated packages in nonfree/updates_testing:
========================
flash-player-plugin-31.0.0.148-1.mga6

from flash-player-plugin-31.0.0.148-1.mga6.src.rpm

Status: NEW => ASSIGNED
Version: Cauldron => 6
Assignee: bugsquad => qa-bugs
Whiteboard: MGA6TOO => (none)

Comment 2 Dave Hodgins 2018-11-15 22:28:46 CET 
Tested with http://get.adobe.com/flashplayer/about/ in opera 12.16, firefox, etc.

Confirmed it's in nonfree where it should be with ...
$ urpmq -i flash-player-plugin|grep ^Source|sort -uV|tail -n 1
Source RPM  : flash-player-plugin-31.0.0.148-1.mga6.nonfree.src.rpm
so using corrected srpm in advisory.
Advisory committed to svn.
Validating the update.

Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA6-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Mageia Robot 2018-11-15 23:05:47 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0453.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED