Bug 20818 - Security update request for flash-player-plugin, to 25.0.0.171
Summary: Security update request for flash-player-plugin, to 25.0.0.171
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://helpx.adobe.com/security/prod...
Whiteboard: MGA5-64-OK MGA5-32-OK advisory
Keywords: Security, validated_update
Depends on:
Blocks: 20898
  Show dependency treegraph
 
Reported: 2017-05-09 17:36 CEST by Anssi Hannula
Modified: 2017-05-21 22:29 CEST (History)
5 users (show)

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
Status comment:


Attachments

Description Anssi Hannula 2017-05-09 17:36:55 CEST
Advisory:
============
Adobe Flash Player 25.0.0.171 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This updates resolves a use-after-free vulnerability that could lead to code execution (CVE-2017-3071).

This updates resolves memory corruption vulnerabilities that could lead to code execution (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074).

References:
https://helpx.adobe.com/security/products/flash-player/apsb17-15.html
============

Updated Flash Player packages have been submitted to mga5 nonfree/updates_testing.

Source packages:
flash-player-plugin-25.0.0.171-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde
Comment 1 James Kerr 2017-05-10 21:15:44 CEST
On mga5-64

$ rpm -q flash-player-plugin
flash-player-plugin-25.0.0.171-1.mga5.nonfree

Seems to be OK - no problems encountered

CC: (none) => jim

Comment 2 Len Lawrence 2017-05-12 11:04:19 CEST
x86_64 on real hardware
Updated from non-free updates testing.
Tried it out at Adobe Showcase and played a couple of games od BubbleShooter online.  Works fine.

CC: (none) => tarazed25

Comment 3 Len Lawrence 2017-05-12 11:25:58 CEST
Adobe Showcase and BubbleShooter work fine in i586 virtualbox.
Comment 4 Thomas Andrews 2017-05-13 22:25:30 CEST
x86_64 on real hardware - Athlon X2, nvidia340 graphics, server kernel.

Looks good here. Played local weather forecast from this morning.

CC: (none) => andrewsfarm

Comment 5 Rémi Verschelde 2017-05-19 11:21:35 CEST
Seems good to validate.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 6 James Kerr 2017-05-19 13:17:20 CEST
Added the OK's to the whiteboard (update already validated by Rémi)

Whiteboard: (none) => MGA5-64-OK MGA5-32-OK

Dave Hodgins 2017-05-20 22:32:07 CEST

CC: (none) => davidwhodgins
Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisory

Anssi Hannula 2017-05-21 20:52:57 CEST

Blocks: (none) => 20898

Comment 7 Mageia Robot 2017-05-21 22:29:38 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0143.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.