Hi, Version 25.0.0.127 fixes: A buffer overflow vulnerability that could lead to code execution (CVE-2017-2997). Memory corruption vulnerabilities that could lead to code execution (CVE-2017-2998, CVE-2017-2999). A random number generator vulnerability used for constant blinding that could lead to information disclosure (CVE-2017-3000). Use-after-free vulnerabilities that could lead to code execution (CVE-2017-3001, CVE-2017-3002, CVE-2017-3003). Reference: https://helpx.adobe.com/security/products/flash-player/apsb17-07.html Best regards, Nico.
Source RPM: (none) => flash-player-pluginWhiteboard: (none) => MGA5TOO
CC: (none) => marja11Assignee: bugsquad => anssi.hannula
Flash 25 is already in Cauldron. Could someone backport it to Mageia 5, please? Firefox already blocked several websites due to a too old version of Flash. :(
Will do.
Status: NEW => ASSIGNEDVersion: Cauldron => 5Assignee: anssi.hannula => rverscheldeWhiteboard: MGA5TOO => (none)
Submitted to nonfree/updates_testing: flash-player-plugin-25.0.0.127-1.mga5 Advisory yet to come.
Assignee: rverschelde => qa-bugs
Tested on i586 and x86_64. Advisory added as ... type: security subject: Updated flash-player-plugin packages fix security vulnerability CVE: - CVE-2017-2997 - CVE-2017-2998 - CVE-2017-2999 - CVE-2017-3000 - CVE-2017-3001 - CVE-2017-3002 - CVE-2017-3003 src: 5: nonfree: - flash-player-plugin-25.0.0.127-1.mga5.nonfree description: | Updated flash-player-plugin installs latest version for the flash plugin from adobe. See the referenced security bulletin for details. references: - https://bugs.mageia.org/show_bug.cgi?id=20536 - https://helpx.adobe.com/security/products/flash-player/apsb17-07.html Validating the update
Keywords: (none) => validated_updateWhiteboard: (none) => advisory MGA5-64-OK MGA5-32-OKCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0087.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED