Bug 23872

Summary: flash-player-plugin security update 31.0.0.153
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: andrewsfarm, lewyssmith, sysadmin-bugs
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-32-OK MGA6-64-OK
Source RPM: flash-player-plugin CVE: CVE-2018-15981
Status comment:

Description Nicolas Salguero 2018-11-21 09:22:24 CET 
Hi,

Version 31.0.0.153 fixes CVE-2018-15981.

References:
https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15981

Best regards,

Nico.
Nicolas Salguero 2018-11-21 09:22:52 CET

Source RPM: (none) => flash-player-plugin
CVE: (none) => CVE-2018-15981
Whiteboard: (none) => MGA6TOO

Comment 1 Nicolas Salguero 2018-11-21 09:32:56 CET 
Suggested advisory:
========================

Updated flash-player-plugin package fixes a security vulnerability:

A critical vulnerability in Adobe Flash Player 31.0.0.148 and earlier versions.  Successful exploitation could lead to arbitrary code execution in the context of the current user. (CVE-2018-15981)

References:
https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15981
========================

Updated packages in nonfree/updates_testing:
========================
flash-player-plugin-31.0.0.153-1.mga6

from flash-player-plugin-31.0.0.153-1.mga6.src.rpm

Status: NEW => ASSIGNED
Version: Cauldron => 6
Assignee: bugsquad => qa-bugs
Whiteboard: MGA6TOO => (none)

Comment 2 Thomas Andrews 2018-11-21 19:48:14 CET 
Another one, eh? 

Package installed cleanly. Works OK in a 64-bit VirtualBox VM.

CC: (none) => andrewsfarm

Comment 3 Thomas Andrews 2018-11-21 20:27:47 CET 
On real Intel-based hardware, 64-bit Plasma system.

Package installed cleanly. Seems to work OK to run a loop on a NOAA weather radar site.
Comment 4 Thomas Andrews 2018-11-21 20:59:41 CET 
Same hardware as above, 32-bit Plasma system.

Same results. No problems noted.
Comment 5 Thomas Andrews 2018-11-21 21:05:29 CET 
On real AMD-based hardware, with a graphics card using the nvidia340 driver, on a 64-bit Plasma system.

Package installed cleanly. NOAA weather radar site works as with everything else.

Since I'm not seeing any problems on two very different sets of hardware, and in VirtualBox, I'm giving this OKs and validating. Suggested advisory in Comment 1.

Whiteboard: (none) => MGA6-32-OK MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Lewis Smith 2018-11-22 22:22:18 CET

Keywords: (none) => advisory
CC: (none) => lewyssmith

Comment 6 Mageia Robot 2018-11-22 23:27:36 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0467.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED