Bug 21883 - Security update request for flash-player-plugin, to 27.0.0.170
Summary: Security update request for flash-player-plugin, to 27.0.0.170
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: High major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://helpx.adobe.com/security/prod...
Whiteboard: MGA5TOO MGA5-64-OK MGA6-64-OK
Keywords: Security, advisory, validated_update
Depends on:
Blocks:
 
Reported: 2017-10-16 16:37 CEST by Anssi Hannula
Modified: 2017-10-18 22:20 CEST (History)
3 users (show)

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2017-11292
Status comment:


Attachments

Description Anssi Hannula 2017-10-16 16:37:13 CEST
Advisory:
============
Adobe Flash Player 27.0.0.170 addresses a critical type confusion vulnerability that could lead to code execution (CVE-2017-11292).

Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows.

References:
https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
============

Updated Flash Player packages have been submitted to mga5+mga6 nonfree/updates_testing.

Source packages:
flash-player-plugin-27.0.0.170-1.mga6.nonfree
flash-player-plugin-27.0.0.170-1.mga5.nonfree

Binary packages:
flash-player-plugin
flash-player-plugin-kde (mga5 only)
Anssi Hannula 2017-10-16 16:37:33 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 PC LX 2017-10-17 01:48:58 CEST
Installed and tested without issues.

Tested using Firefox and Konqueror with several flash games and videos. All seems OK.

System: Mageia 5, x86_64, Plasma DE, Intel CPU, nVidia GPU using proprietary driver nvidia340.

$ uname -a
Linux marte 4.4.92-desktop-1.mga5 #1 SMP Thu Oct 12 20:14:45 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q flash-player-plugin
flash-player-plugin-27.0.0.170-1.mga5.nonfree

Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK
CC: (none) => mageia

Comment 2 Dave Hodgins 2017-10-17 02:53:32 CEST
Confirmed ok on Mageia 6 x86_64.
Advisory committed to svn.
Validating the update.

Keywords: (none) => advisory, validated_update
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Mageia Robot 2017-10-18 22:20:37 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2017-0377.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.