Bug 27432

Summary: flash-player-plugin security update 32.0.0.445
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: herman.viaene, ouaurelien, sysadmin-bugs
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: flash-player-plugin CVE: CVE-2020-9746
Status comment:

Description Nicolas Salguero 2020-10-16 11:44:39 CEST 
Hi,

Version 32.0.0.445 fixes CVE-2020-9746.

References:
https://helpx.adobe.com/security/products/flash-player/apsb20-58.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9746

Best regards,

Nico.
Comment 1 Nicolas Salguero 2020-10-16 11:50:37 CEST 
Suggested advisory:
========================

The updated packages fix a security vulnerability:

NULL Pointer Dereference that leads to arbitrary code execution in the context of the current user. (CVE-2020-9746)

References:
https://helpx.adobe.com/security/products/flash-player/apsb20-58.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9746
========================

Updated packages in core/updates_testing:
========================
flash-player-plugin-32.0.0.445-1.mga7.nonfree

from SRPMS:
flash-player-plugin-32.0.0.445-1.mga7.nonfree.src.rpm

CVE: (none) => CVE-2020-9746
Source RPM: (none) => flash-player-plugin
Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED

Comment 2 Herman Viaene 2020-10-16 16:01:51 CEST 
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref bug 27264 to test: site responds: "You have version 32,0,0,445 installed"
So OK for me.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Comment 3 Aurelien Oudelet 2020-10-16 16:28:10 CEST 
Validating_update

Advisory:
========================

The updated package fixes a security vulnerability:

NULL Pointer Dereference that leads to arbitrary code execution in the context of the current user. (CVE-2020-9746)

References:
https://helpx.adobe.com/security/products/flash-player/apsb20-58.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9746
========================

SRPMS:
flash-player-plugin-32.0.0.445-1.mga7.nonfree.src.rpm

Keywords: (none) => advisory, validated_update
CC: (none) => ouaurelien, sysadmin-bugs

Comment 4 Mageia Robot 2020-10-16 17:46:31 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0386.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED