Bug 19741 - Security update request for flash-player-plugin, to 11.2.202.644
Summary: Security update request for flash-player-plugin, to 11.2.202.644
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5-32-OK mga5-64-ok advisory
Keywords: Security, validated_update
: 19746 (view as bug list)
Depends on:
Blocks:
 
Reported: 2016-11-08 19:39 CET by Anssi Hannula
Modified: 2016-11-09 21:26 CET (History)
4 users (show)

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Anssi Hannula 2016-11-08 19:39:47 CET 
Advisory:
============
Adobe Flash Player 11.2.202.644 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves type confusion vulnerabilities that could lead to code execution (CVE-2016-7860, CVE-2016-7861, CVE-2016-7865).

This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864).

References:
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html
============

Updated Flash Player packages have been submitted to mga5 nonfree/updates_testing.

Source packages:
flash-player-plugin-11.2.202.644-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde
Comment 1 David Walser 2016-11-09 02:51:34 CET 
Works fine on some sites, Mageia 5 i586.

Whiteboard: (none) => MGA5-32-OK

Comment 2 James Kerr 2016-11-09 09:05:15 CET 
On mga5-64

Packages installed;

- flash-player-plugin-11.2.202.644-1.mga5.nonfree.x86_64
- flash-player-plugin-kde-11.2.202.644-1.mga5.nonfree.x86_64

videos and streaming video OK
System Settings module OK

OK for mga5-64

Card:Intel 810 and later

CC: (none) => jim

Comment 3 Len Lawrence 2016-11-09 09:27:20 CET 
x86_64  Mate  nvidia GTX770
Enabled both 32-bit and 64-bit nonfree updates testing
Installed the plugins.
Played Youtube and Vevo videos in Firefox.  All OK; in fullscreen mode also.

CC: (none) => tarazed25

Comment 4 claire robinson 2016-11-09 14:38:41 CET 
Validating. Advisory uploaded.

Please push to 5 updates.

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA5-32-OK => MGA5-32-OK mga5-64-ok advisory
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2016-11-09 18:05:35 CET 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0370.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 6 David Walser 2016-11-09 21:26:02 CET 
*** Bug 19746 has been marked as a duplicate of this bug. ***

CC: (none) => zombie_ryushu
Note You need to log in before you can comment on or make changes to this bug.