Advisory: ============ Adobe Flash Player 27.0.0.170 addresses a critical type confusion vulnerability that could lead to code execution (CVE-2017-11292). Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows. References: https://helpx.adobe.com/security/products/flash-player/apsb17-32.html ============ Updated Flash Player packages have been submitted to mga5+mga6 nonfree/updates_testing. Source packages: flash-player-plugin-27.0.0.170-1.mga6.nonfree flash-player-plugin-27.0.0.170-1.mga5.nonfree Binary packages: flash-player-plugin flash-player-plugin-kde (mga5 only)
Whiteboard: (none) => MGA5TOO
Installed and tested without issues. Tested using Firefox and Konqueror with several flash games and videos. All seems OK. System: Mageia 5, x86_64, Plasma DE, Intel CPU, nVidia GPU using proprietary driver nvidia340. $ uname -a Linux marte 4.4.92-desktop-1.mga5 #1 SMP Thu Oct 12 20:14:45 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux $ rpm -q flash-player-plugin flash-player-plugin-27.0.0.170-1.mga5.nonfree
Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OKCC: (none) => mageia
Confirmed ok on Mageia 6 x86_64. Advisory committed to svn. Validating the update.
Keywords: (none) => advisory, validated_updateWhiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OKCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0377.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED