Bug 23175 - Update Candidate: Flashplayer Plugin 30.0.0.113
Summary: Update Candidate: Flashplayer Plugin 30.0.0.113
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-06-13 10:15 CEST by Stig-Ørjan Smelror
Modified: 2018-06-16 11:29 CEST

See Also:
Source RPM:
CVE: CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002
Status comment:



Description Stig-Ørjan Smelror 2018-06-13 10:15:11 CEST Comment hidden (obsolete)
Comment 1 Stig-Ørjan Smelror 2018-06-13 10:21:14 CEST
Advisory
========

The Flash Player plugin has been updated to the latest version. It is a bug fix release.


References
==========
https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html


Files
=====

Uploaded to nonfree/updates_testing

flash-player-plugin-30.0.0.113-1.mga6

from flash-player-plugin-30.0.0.113-1.mga6.src.rpm
Comment 2 Thomas Andrews 2018-06-15 02:18:14 CEST
On real hardware, HP 6550b laptop, i3, 8GB, Intel graphics, Intel wifi, 64-bit Plasma system:

Package installed cleanly. Went to one site known to use flash, and an Adobe test site. Both worked as expected.

Looks OK to me for 64-bit.

CC: (none) => andrewsfarm

Comment 3 William Kenney 2018-06-15 23:04:42 CEST
In VirtualBox, M6, MATE, 32-bit

Package(s) under test:
flash-player-plugin

default install of flash-player-plugin

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-29.0.0.171-1.mga6.nonfree.i586 is already installed

https://helpx.adobe.com/flash-player.html
Works, reloads and works again. Shows I am using flash: 29.0.0.171
Indicates that I am not using the latest Flash Player version.
Some sites are indicating that I am not using the latest Flash Player

Install flash-player-plugin from updates_testing

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-30.0.0.113-1.mga6.nonfree.i586 is already installed

https://helpx.adobe.com/flash-player.html
Works, reloads and works again. Shows I am using flash: 30.0.0.113
Sites that need Flash Player play Flash content

CC: (none) => wilcal.int

Comment 4 William Kenney 2018-06-15 23:14:54 CEST
In VirtualBox, M6, MATE, 64-bit

Package(s) under test:
flash-player-plugin

default install of flash-player-plugin

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-29.0.0.171-1.mga6.nonfree.x86_64 is already installed

https://helpx.adobe.com/flash-player.html
Works, reloads and works again. Shows I am using flash: 29.0.0.171
Indicates that I am not using the latest Flash Player version.
Some sites are indicating that I am not using the latest Flash Player

Install flash-player-plugin from updates_testing

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-30.0.0.113-1.mga6.nonfree.x86_64 is already installed

https://helpx.adobe.com/flash-player.html
Works, reloads and works again. Shows I am using flash: 30.0.0.113
Sites that need Flash Player play Flash content
William Kenney 2018-06-15 23:15:24 CEST

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA6-32-OK MGA6-64-OK

Comment 5 Thomas Backlund 2018-06-16 11:10:07 CEST
Fixed advisory, added to svn:

type: security
subject: Updated flash-player-plugin packages fixes security issues
CVE:
 - CVE-2018-4945
 - CVE-2018-5000
 - CVE-2018-5001
 - CVE-2018-5002
src:
  6:
   nonfree:
     - flash-player-plugin-30.0.0.113-1.mga6
description: |
  Updated flash-player-plugin packages fixes the following security issues

  A remote attacker could possibly execute arbitrary code with the privileges
  of the process or obtain sensitive information (CVE-2018-4945, 
  CVE-2018-5000, CVE-2018-5001, CVE-2018-5002).

  In response to a class of recently disclosed vulnerabilities in popular
  CPU hardware related to data cache timing (CVE-2017-5753, CVE-2017-5715,
  CVE-2017-5754), known popularly as Spectre and Meltdown, Adobe are
  disabling the ‘shareable’ property of the ActionScript ByteArray class
  by default. For more info see the referenced adobe release notes.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=23175
 - https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
 - https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html

Component: RPM Packages => Security
Keywords: (none) => advisory
QA Contact: (none) => security
CVE: (none) => CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002
CC: (none) => tmb

Comment 6 Mageia Robot 2018-06-16 11:29:28 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0286.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

