23175 – Update Candidate: Flashplayer Plugin 30.0.0.113

Bug 23175 - Update Candidate: Flashplayer Plugin 30.0.0.113

Summary: Update Candidate: Flashplayer Plugin 30.0.0.113

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	6
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA6-32-OK MGA6-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2018-06-13 10:15 CEST by Stig-Ørjan Smelror
Modified:	2018-06-16 11:29 CEST (History)
CC List:	4 users (show)

See Also:
Source RPM:
CVE:	CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Stig-Ørjan Smelror 2018-06-13 10:15:11 CEST Comment hidden (obsolete)

Advisory
========

The Flash Player plugin has been updated to the latest version. It is a bug fix release.


References
==========
https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html


Files
=====

Uploaded to core/updates_testing

flash-player-plugin-30.0.0.113-1.mga6

from flash-player-plugin-30.0.0.113-1.mga6.src.rpm

Comment 1 Stig-Ørjan Smelror 2018-06-13 10:21:14 CEST

Advisory
========

The Flash Player plugin has been updated to the latest version. It is a bug fix release.


References
==========
https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html


Files
=====

Uploaded to nonfree/updates_testing

flash-player-plugin-30.0.0.113-1.mga6

from flash-player-plugin-30.0.0.113-1.mga6.src.rpm

Comment 2 Thomas Andrews 2018-06-15 02:18:14 CEST

On real hardware, HP 6550b laptop, i3, 8GB, Intel graphics, Intel wifi, 64-bit Plasma system:

Package installed cleanly. Went to one site known to use flash, and an Adone test site. Both worked as expected.

Looks OK to me for 64-bit.

CC: (none) => andrewsfarm

Comment 3 William Kenney 2018-06-15 23:04:42 CEST

In VirtualBox, M6, MATE, 32-bit

Package(s) under test:
flash-player-plugin

default install of flash-player-plugin

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-29.0.0.171-1.mga6.nonfree.i586 is already installed

https://helpx.adobe.com/flash-player.html
Works, reloads and works again. Shows I am using flash: 29.0.0.171
Indicates that I am not using the latest Flash Player version.
Some sites are indicating that I am not using the latest Flash Player

Install flash-player-plugin from updates_testing

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-30.0.0.113-1.mga6.nonfree.i586 is already installed

https://helpx.adobe.com/flash-player.html
Works, reloads and works again. Shows I am using flash: 30.0.0.113
Sites that need Flash Player play Flash content

CC: (none) => wilcal.int

Comment 4 William Kenney 2018-06-15 23:14:54 CEST

In VirtualBox, M6, MATE, 64-bit

Package(s) under test:
flash-player-plugin

default install of flash-player-plugin

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-29.0.0.171-1.mga6.nonfree.x86_64 is already installed

https://helpx.adobe.com/flash-player.html
Works, reloads and works again. Shows I am using flash: 29.0.0.171
Indicates that I am not using the latest Flash Player version.
Some sites are indicating that I am not using the latest Flash Player

Install flash-player-plugin from updates_testing

[root@localhost wilcal]# urpmi flash-player-plugin
Package flash-player-plugin-30.0.0.113-1.mga6.nonfree.x86_64 is already installed

https://helpx.adobe.com/flash-player.html
Works, reloads and works again. Shows I am using flash: 30.0.0.113
Sites that need Flash Player play Flash content

William Kenney 2018-06-15 23:15:24 CEST

Whiteboard: (none) => MGA6-32-OK MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Thomas Backlund 2018-06-16 11:10:07 CEST

Fixed advisory, added to svn:

type: security
subject: Updated flash-player-plugin packages fixes security issues
CVE:
 - CVE-2018-4945
 - CVE-2018-5000
 - CVE-2018-5001
 - CVE-2018-5002
src:
  6:
   nonfree:
     - flash-player-plugin-30.0.0.113-1.mga6
description: |
  Updated flash-player-plugin packages fixes the following security issues

  A remote attacker could possibly execute arbitrary code with the privileges
  of the process or obtain sensitive information (CVE-2018-4945, 
  CVE-2018-5000, CVE-2018-5001, CVE-2018-5002).

  In response to a class of recently disclosed vulnerabilities in popular
  CPU hardware related to data cache timing (CVE-2017-5753, CVE-2017-5715,
  CVE-2017-5754), known popularly as Spectre and Meltdown, Adobe are
  disabling the ‘shareable’ property of the ActionScript ByteArray class
  by default. For more info see the referenced adobe release notes.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=23175
 - https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
 - https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html

Component: RPM Packages => Security
CC: (none) => tmb
CVE: (none) => CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002
QA Contact: (none) => security
Keywords: (none) => advisory

Comment 6 Mageia Robot 2018-06-16 11:29:28 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0286.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.