Bug 24942

Summary: flash-player-plugin security update 32.0.0.207
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: fri, jim, sysadmin-bugs, tmb
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-64-OK MGA6-32-OK
Source RPM: flash-player-plugin CVE: CVE-2019-7845
Status comment:

Description Nicolas Salguero 2019-06-11 16:48:20 CEST 
Hi,

Version 32.0.0.207 fixes CVE-2019-7845.

References:
https://helpx.adobe.com/security/products/flash-player/apsb19-30.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7845

Best regards,

Nico.
Nicolas Salguero 2019-06-11 16:49:10 CEST

Source RPM: (none) => flash-player-plugin
CVE: (none) => CVE-2019-7845
Whiteboard: (none) => MGA6TOO

Comment 1 Nicolas Salguero 2019-06-12 09:49:42 CEST 
Suggested advisory:
========================

Updated flash-player-plugin package fixes a security vulnerability:

A use after free that leads to arbitrary code execution. (CVE-2019-7845)

References:
https://helpx.adobe.com/security/products/flash-player/apsb19-30.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7845
========================

Updated packages in nonfree/updates_testing:
========================
flash-player-plugin-32.0.0.207-1.mga6.nonfree

from SRPMS:
flash-player-plugin-32.0.0.207-1.mga6.nonfree.src.rpm

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs

Comment 2 Morgan Leijström 2019-06-14 16:49:36 CEST 
64 bit, Plasma, Nvidia driver
Upgraded OK.
 Using Firefox:
Flash version test OK.
Video test OK.

CC: (none) => fri

Comment 3 James Kerr 2019-06-16 10:40:59 CEST 
on mga6-64  plasma

package installed cleanly:
flash-player-plugin-32.0.0.207-1.mga6.nonfree

https://helpx.adobe.com/flash-player.html
reports that I have the latest version installed

OK for mga6-64

CC: (none) => jim
Whiteboard: (none) => MGA6-64-OK

Comment 4 James Kerr 2019-06-16 10:55:03 CEST 
on mga6-32  plasma  (on a vbox VM)

package installed cleanly:
- flash-player-plugin-32.0.0.207-1.mga6.nonfree.i586

https://helpx.adobe.com/flash-player.html
reports that the latest version is installed

OK for mga6-32

Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK

Comment 5 James Kerr 2019-06-16 10:58:29 CEST 
Update is validated. Advisory in comment #1 needs to be uploaded to SVN

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Thomas Backlund 2019-06-21 01:43:04 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 6 Mageia Robot 2019-06-21 03:08:09 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0192.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED