Bug 25429

Summary: flash-player-plugin security update 32.0.0.255
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: andrewsfarm, sysadmin-bugs, tarazed25, tmb
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6TOO MGA6-64-OK MGA7-64-OK
Source RPM: flash-player-plugin CVE: CVE-2019-8069, CVE-2019-8070
Status comment:

Description Nicolas Salguero 2019-09-12 08:50:40 CEST 
Hi,

Version 32.0.0.255 fixes CVE-2019-8069 and CVE-2019-8070.

References:
https://helpx.adobe.com/security/products/flash-player/apsb19-46.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8070

Best regards,

Nico.
Nicolas Salguero 2019-09-12 08:51:12 CEST

Whiteboard: (none) => MGA7TOO, MGA6TOO
CVE: (none) => CVE-2019-8069, CVE-2019-8070
Source RPM: (none) => flash-player-plugin

Comment 1 Nicolas Salguero 2019-09-12 09:17:09 CEST 
Suggested advisory:
========================

Updated flash-player-plugin package fixes security vulnerabilities:

Same origin method execution that leads to arbitrary code execution in the context of the current user. (CVE-2019-8069)

Use after free that leads to arbitrary code execution in the context of the current user. (CVE-2019-8070)

References:
https://helpx.adobe.com/security/products/flash-player/apsb19-46.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8070
========================

Updated packages in nonfree/updates_testing:
========================
flash-player-plugin-32.0.0.255-1.mga[67].nonfree

from SRPMS:
flash-player-plugin-32.0.0.255-1.mga[67].nonfree.src.rpm

Status: NEW => ASSIGNED
Whiteboard: MGA7TOO, MGA6TOO => MGA6TOO
Version: Cauldron => 7
Assignee: bugsquad => qa-bugs

Comment 2 Len Lawrence 2019-09-12 11:48:36 CEST 
mga6, x86_64

Clean update.
Visited the community section of the Adobe site and found a few animations which looked fine.

Whiteboard: MGA6TOO => MGA6TOO MGA6-64-OK
CC: (none) => tarazed25

Comment 3 Thomas Andrews 2019-09-12 16:25:33 CEST 
MGA7, Plasma, x86_64.

As with MGA6, a clean update. Visited the U.S. National Weather Service Doppler Radar at Binghamton, NY site, and ran an enhanced loop. With flash activated, the loop wouldn't run, but when activated it did. Looks good, except that rain is headed my way.

Validating. Advisory in Comment 1.

Whiteboard: MGA6TOO MGA6-64-OK => MGA6TOO MGA6-64-OK MGA7-64-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2019-09-12 18:43:47 CEST

Keywords: (none) => advisory
CC: (none) => tmb

Comment 4 Mageia Robot 2019-09-12 22:02:02 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0273.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED