| Summary: | flash-player-plugin security update 32.0.0.171 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | eric gerbier <eric.gerbier> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | davidwhodgins, nicolas.salguero, sysadmin-bugs |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-64-OK | ||
| Source RPM: | flash-player-plugin-32.0.0.156-1.mga6.nonfree.src.rpm | CVE: | CVE-2019-7108, CVE-2019-7096 |
| Status comment: | |||
I think is due the version 32.0.0.171 is now the current in adobe Suggested advisory: ======================== Updated flash-player-plugin package fixes security vulnerabilities: An out-of-bounds read that leads to information disclosure. (CVE-2019-7108) A use after free that leads to arbitrary code execution. (CVE-2019-7096) References: https://helpx.adobe.com/security/products/flash-player/apsb19-19.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7108 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7096 ======================== Updated packages in nonfree/updates_testing: ======================== flash-player-plugin-32.0.0.171-1.mga6.nonfree from SRPMS: flash-player-plugin-32.0.0.171-1.mga6.nonfree.src.rpm CC:
(none) =>
nicolas.salguero
Nicolas Salguero
2019-04-10 09:21:57 CEST
Assignee:
bugsquad =>
qa-bugs Tested at http://get.adobe.com/flashplayer/about/ in opera 12.16. Advisory committed to svn. Validating the update. Keywords:
(none) =>
advisory, validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0149.html Status:
ASSIGNED =>
RESOLVED |
Description of problem: urpmi flash-player-plugin Marque flash-player-plugin comme étant manuellement installé, il ne sera pas considéré comme un paquet orphelin writing /var/lib/rpm/installed-through-deps.list ftp://137.129.150.2/linux/mga/backport6c/RPMS/flash-player-plugin-32.0.0.156-1.mga6.nonfree.x86_64.rpm SECURITÉ : PAS de vérification du paquet « /var/cache/urpmi/rpms/flash-player-plugin-32.0.0.156-1.mga6.nonfree.x86_64.rpm » (à cause de la configuration) installation de flash-player-plugin-32.0.0.156-1.mga6.nonfree.x86_64.rpm depuis /var/cache/urpmi/rpms Préparation... ############################################# Note that by downloading the Adobe Flash Player you indicate your acceptance of the EULA, available at http://www.adobe.com/products/eulas/players/flash/ Downloading from http://fpdownload.adobe.com/get/flashplayer/pdc/32.0.0.156/flash-player-ppapi-32.0.0.156-release.x86_64.rpm: % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 277 100 277 0 0 2077 0 --:--:-- --:--:-- --:--:-- 2495 Error: Unable to download Flash Player. This is likely due to this package being too old. Please file a bug report at https://bugs.mageia.org so that the package gets updated. Thank you. In the meantime, you can download Flash Player manually from http://get.adobe.com/flashplayer/ erreur : %prein(flash-player-plugin-32.0.0.156-1.mga6.nonfree.x86_64) scriptlet échoué, état de sortie 1 ERROR: 'script' failed for flash-player-plugin-32.0.0.156-1.mga6.nonfree.x86_64 erreur : flash-player-plugin-32.0.0.156-1.mga6.nonfree.x86_64: installer échoué Version-Release number of selected component (if applicable): flash-player-plugin-32.0.0.156 How reproducible: Steps to Reproduce: 1. urpmi flash-player-plugin 2. 3.