21083 – Security update request for flash-player-plugin, to 26.0.0.126

Bug 21083 - Security update request for flash-player-plugin, to 26.0.0.126

Summary: Security update request for flash-player-plugin, to 26.0.0.126

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	5
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:	https://helpx.adobe.com/security/prod...
Whiteboard:	MGA5-64-OK advisory MGA5-32-OK
Keywords:	Security, validated_update

Depends on:
Blocks:

Reported:	2017-06-13 23:21 CEST by Anssi Hannula
Modified:	2017-06-14 15:51 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	flash-player-plugin
CVE:	CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Anssi Hannula 2017-06-13 23:21:55 CEST

Advisory:
============
Adobe Flash Player 26.0.0.126 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.

This update resolves use-after-free vulnerabilities and memory corruption vulnerabilities that could lead to code execution (CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082).

References:
https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
============

Updated Flash Player packages have been submitted to mga5 nonfree/updates_testing.

Source packages:
flash-player-plugin-26.0.0.126-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde

Comment 1 David Walser 2017-06-14 02:24:12 CEST

The Adobe Flash test page works and shows the correct version:
http://get.adobe.com/flashplayer/about/

and Ticketmaster's site still works (one of the few still using Flash).

OK for Mageia 5 x86_64.

Whiteboard: (none) => MGA5-64-OK

Lewis Smith 2017-06-14 11:47:14 CEST

CC: (none) => lewyssmith
Whiteboard: MGA5-64-OK => MGA5-64-OK advisory

Comment 2 James Kerr 2017-06-14 12:49:21 CEST

On mga5-32 (in a vbox VM)
Package installed cleanly:
flash-player-plugin-26.0.0.126-1.mga5.nonfree.i586

Adobe web site confirms flash-player version
Flash works in a couple of web sites that I believe still use it.

OK for mga5-32

Whiteboard: MGA5-64-OK advisory => MGA5-64-OK advisory MGA5-32-OK
CC: (none) => jim

Comment 3 James Kerr 2017-06-14 12:50:36 CEST

This update is now validated and can be pushed to updates

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2017-06-14 15:51:15 CEST

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0172.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.