Hi, Version 28.0.0.161 fixes: A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email. Reference: https://helpx.adobe.com/security/products/flash-player/apsa18-01.html Best regards, Nico.
CVE: (none) => CVE-2018-4878Whiteboard: (none) => MGA6TOOSource RPM: (none) => flash-player-plugin
Assignee: bugsquad => anssi.hannulaCC: (none) => marja11
Make this package create the necessary links to get flash player in Chromium browser. https://wiki.mageia.org/en/Mageia_6_Errata#Due_to_packaging_issues_flash_plugin_not_works_in_Chromium_Browser
CC: (none) => j.alberto.vc
Advisory: ============ Adobe Flash Player 28.0.0.161 addresses critical use-after-free vulnerabilities that could lead to remote code execution (CVE-2018-4877, CVE-2018-4878). Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email. References: https://helpx.adobe.com/security/products/flash-player/apsb18-03.html ============ Updated Flash Player packages have been submitted to mga6 nonfree/updates_testing and to cauldron nonfree/release. Source packages: flash-player-plugin-28.0.0.161-1.mga6.nonfree Binary packages: flash-player-plugin
Assignee: anssi.hannula => qa-bugsCVE: CVE-2018-4878 => CVE-2018-4877 CVE-2018-4878Keywords: (none) => SecurityStatus: NEW => ASSIGNEDURL: (none) => https://helpx.adobe.com/security/products/flash-player/apsb18-03.htmlCC: (none) => anssi.hannulaWhiteboard: MGA6TOO => (none)Version: Cauldron => 6
Tested mga6 64 Checked correct version being downloaded. Note that by downloading the Adobe Flash Player you indicate your acceptance of the EULA, available at http://www.adobe.com/products/eulas/players/flash/ Downloading from http://fpdownload.adobe.com/get/flashplayer/pdc/28.0.0.161/flash-player-ppapi-28.0.0.161-release.x86_64.rpm: Tested at adobe test page and video plays ok. http://get.adobe.com/flashplayer/about/ Used the awful settings manager to delete local storage. http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html Validating. I'm not set up on this one to upload the advisory, sorry.
Whiteboard: (none) => mga6-64-okKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0120.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED