Adobe Flash Player 184.108.40.206 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.
This update resolves security bypass and memory corruption vulnerabilities that could lead to information disclosure or code execution (CVE-2017-3080, CVE-2017-3099, CVE-2017-3100).
Updated Flash Player packages have been submitted to mga5 nonfree/updates_testing.
Usual flash testing, including http://get.adobe.com/flashplayer/about/
and checking the player settings under the tools menu.
Validating the update.
It needs to be pushed and validated for Mageia 6 too before we can get it in Mageia 5, otherwise it will break the upgrade path.
Note that as announced by Thomas on the dev@ ML, we can now use updates_testing for cauldron/mga6 to test and validate normal updates for the stable Mageia 6.
I've submitted updated Flash Player packages now into mga6/cauldron nonfree/updates_testing as well.
FWIW, OK for me on 32-bit install on real Intel motherboard, Core 2 Duo, and graphics.
mga6 x86_64 Mate
Visited get.adobe.com and played some of the corporate videos.
Checked bubbleshooter.com but it hung every time, so free play must be disabled now.
The plugin is working anyway.
On a new installation of mageia 6 flash-player-plugin was updated to version 220.127.116.11 (see comment 6) but in firefox -> tools -> plugins this is what is registered:
Shockwave Flash 18.104.22.168 - last updated 2 May 2017
This package does not contain the Flash Player itself. The software is
automatically downloaded from Adobe during package installation.
This package requires the freshplayerplugin wrapper in
/usr/lib64/mozilla/plugins/libfreshwrapper-flashplayer.so which allows
the PPAPI plugin to be used on NPAPI browsers (e.g. Firefox) as well.
From `ls -l /usr/lib64/mozilla/plugins`
-rwxr-xr-x 1 root root 1088312 May 2 11:29 libfreshwrapper-flashplayer.so
flash-player-plugin]$ sudo urpmi --test flash-player-ppapi-22.214.171.124-release.x86_64.rpm
The following package has to be removed for others to be upgraded:
(due to conflicts with flash-player-ppapi)
(test only, removal will not be actually done) (y/N)
This is all very confusing. What should we expect to see?
(In reply to Len Lawrence from comment #7)
> On a new installation of mageia 6 flash-player-plugin was updated to version
> 126.96.36.199 (see comment 6) but in firefox -> tools -> plugins this is what
> is registered:
> Shockwave Flash 188.8.131.52 - last updated 2 May 2017
Did you restart Firefox?
Testing on Mageia 6 x86_64, works fine.
Hmm, I think a "touch" for libfreshwrapper*so is missing from %post of flash-player-plugin, to make Firefox detect the new version.
This was discussed before and David had already added the prequisite %verify(not mtime) tag in freshplayerplugin.
I'll submit a new flash-player-plugin for mga6 testing within a day.
Len, you shouldn't be trying to install the adobe package directly. Sometimes when you upgrade Flash you have to kill the plugin-container process (or restart Firefox) for it to use the new version.
@Rémi - re comment 8 - yes I remembered to restart the browser.
@David - re comment 10 - I only tried that as a test to see what it would try to do - had no intention of running the command for real. Just curious about the different version numbers.
MGA6-32 on Asus A6000VM MATE
Installation: I did not find flash-player-plugin-kde in the repo
Checked with Adobe website, checked plugin in Firefox and run www.classiccomposers.org (press "Live" to play). OK for me.
Updated Flash Player packages have been submitted to mga6 nonfree/updates_testing that should fix Len Lawrence's issue in comment #7.
Specifically, Firefox should now see the new version number after upgrading from mga6 version 184.108.40.206.
No change in advisory. Mageia 5 packages were not affected.
Yep, that has fixed it. And Adobe's own showcase videos run fine.
Works fine here too, validating.
An update for this issue has been pushed to the Mageia Updates repository.