Hi, Version 11.2.202.643 fixes a use-after-free vulnerability that could lead to code execution (CVE-2016-7855). Best regards, Nico.
CVE: (none) => CVE-2016-7855Source RPM: (none) => flash-player-pluginWhiteboard: (none) => MGA5TOO
Assignee: bugsquad => anssi.hannula
SRPM: flash-player-plugin-11.2.202.643-1.mga5.nonfree.src.rpm i586: flash-player-plugin-11.2.202.643-1.mga5.nonfree.i586.rpm flash-player-plugin-kde-11.2.202.643-1.mga5.nonfree.i586.rpm x86_64: flash-player-plugin-11.2.202.643-1.mga5.nonfree.x86_64.rpm flash-player-plugin-kde-11.2.202.643-1.mga5.nonfree.x86_64.rpm Advisory: This update fixes a use-after-free issue that can be triggered by attackers for arbitrary code execution, potentially allow the attacker to take control of the affected system (CVE-2016-7855). References: https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
CC: (none) => tmbAssignee: anssi.hannula => qa-bugs
Version: Cauldron => 5Whiteboard: MGA5TOO => (none)
On mga5-64 Installed packages: flash-player-plugin-kde-11.2.202.643-1.mga5.nonfree.x86_64.rpm flash-player-plugin-11.2.202.643-1.mga5.nonfree.x86_64 KDE systems Settings module seems to be fully functional Streaming video and video playing OK, including those where firefox had been reporting the previous flash-player version as insecure. OK for me on mga5-64
CC: (none) => jim
In VirtualBox, M5, KDE, 32-bit Package(s) under test: flash-player-plugin flash-player-plugin-kde default install of flash-player-plugin & flash-player-plugin-kde [root@localhost wilcal]# urpmi flash-player-plugin Package flash-player-plugin-11.2.202.637-1.mga5.nonfree.i586 is already installed [root@localhost wilcal]# urpmi flash-player-plugin-kde Package flash-player-plugin-kde-11.2.202.637-1.mga5.nonfree.i586 is already installed https://www.adobe.com/software/flash/about/ works, reloads and works again. Shows I am using flash: 11,2,202,637 Various sites indicate that flash is out of date. install flash-player-plugin & flash-player-plugin-kde from updates_testing [root@localhost wilcal]# urpmi flash-player-plugin Package flash-player-plugin-11.2.202.643-1.mga5.nonfree.i586 is already installed [root@localhost wilcal]# urpmi flash-player-plugin-kde Package flash-player-plugin-kde-11.2.202.643-1.mga5.nonfree.i586 is already installed https://www.adobe.com/software/flash/about/ works, reloads and works again. Shows I am using flash: 11,2,202,643 No indication of out of date flash player.
CC: (none) => wilcal.int
Whiteboard: (none) => MGA5-32-OK
In VirtualBox, M5, KDE, 64-bit Package(s) under test: flash-player-plugin flash-player-plugin-kde default install of flash-player-plugin & flash-player-plugin-kde [root@localhost wilcal]# urpmi flash-player-plugin Package flash-player-plugin-11.2.202.637-1.mga5.nonfree.x86_64 is already installed [root@localhost wilcal]# urpmi flash-player-plugin-kde Package flash-player-plugin-kde-11.2.202.637-1.mga5.nonfree.x86_64 is already installed https://www.adobe.com/software/flash/about/ works, reloads and works again. Shows I am using flash: 11,2,202,637 Various sites indicate that flash is out of date. install flash-player-plugin & flash-player-plugin-kde from updates_testing [root@localhost wilcal]# urpmi flash-player-plugin Package flash-player-plugin-11.2.202.643-1.mga5.nonfree.x86_64 is already installed [root@localhost wilcal]# urpmi flash-player-plugin-kde Package flash-player-plugin-kde-11.2.202.643-1.mga5.nonfree.x86_64 is already installed https://www.adobe.com/software/flash/about/ works, reloads and works again. Shows I am using flash: 11,2,202,643 No indication of out of date flash player.
Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK
This update works fine. Testing complete for MGA5, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
KDE/Firefox i386 Tested on scratch projects, scratch editor and streaming site. It works :)
CC: (none) => fred.thuillier
Adding my voice to the chorus. This update working on my 64-bit AMD/nvidia machine as it should. The notice that it was out of date is gone.
CC: (none) => andrewsfarm
CC: (none) => davidwhodginsWhiteboard: MGA5-32-OK MGA5-64-OK => MGA5-32-OK MGA5-64-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0360.html
Status: NEW => RESOLVEDResolution: (none) => FIXED