Bug 24363

Summary: flash-player-plugin security update 32.0.0.142
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, davidwhodgins, sysadmin-bugs
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-32-OK MGA6-64-OK
Source RPM: flash-player-plugin CVE: CVE-2019-7090
Status comment:

Description Nicolas Salguero 2019-02-15 09:33:38 CET 
Hi,

Version 32.0.0.142 fixes CVE-2019-7090.

References:
https://helpx.adobe.com/security/products/flash-player/apsb19-06.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7090

Best regards,

Nico.
Nicolas Salguero 2019-02-15 09:34:05 CET

Source RPM: (none) => flash-player-plugin
Assignee: bugsquad => nicolas.salguero
CVE: (none) => CVE-2019-7090

Comment 1 Nicolas Salguero 2019-02-15 09:39:51 CET 
Suggested advisory:
========================

Updated flash-player-plugin package fixes a security vulnerability:

Information disclosure in the context of the current user. (CVE-2019-7090)

References:
https://helpx.adobe.com/security/products/flash-player/apsb19-06.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7090
========================

Updated packages in nonfree/updates_testing:
========================
flash-player-plugin-32.0.0.142-1.mga6

from flash-player-plugin-32.0.0.142-1.mga6.src.rpm

Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs

Nicolas Salguero 2019-02-15 11:17:23 CET

Version: Cauldron => 6

Comment 2 Thomas Andrews 2019-02-15 16:58:52 CET 
Tried this in the 32-bit soon-to-be-pushed Firefox 60.5.1-1 on a Plasma system.

Package installed cleanly, and a site known to still use Flash operated normally.

Looks OK for 32-bit.

CC: (none) => andrewsfarm
Whiteboard: (none) => MGA6-32-OK

Comment 3 Thomas Andrews 2019-02-15 17:43:53 CET 
Same test as Comment 2, different hardware, and 64-bit. Same results.

This is OK for 64-bit. Validating. Suggested advisory in Comment 1.

Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Dave Hodgins 2019-02-17 17:30:04 CET 
Advisory committed ot svn using the actual srpm, rather then the one in comment 1,
flash-player-plugin-32.0.0.142-1.mga6.nonfree.src.rpm

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 5 Mageia Robot 2019-02-17 18:19:31 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0090.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED