Bug 23292 - flash-player-plugin security update 30.0.0.134
Summary: flash-player-plugin security update 30.0.0.134
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-07-11 14:20 CEST by Nicolas Salguero
Modified: 2018-07-13 21:02 CEST (History)
6 users (show)

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2018-5007, CVE-2018-5008
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2018-07-11 14:20:48 CEST 
Hi,

Version 30.0.0.134 fixes CVE-2018-5007 and CVE-2018-5008.

References:
https://helpx.adobe.com/security/products/flash-player/apsb18-24.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5008

Best regards,

Nico.
Nicolas Salguero 2018-07-11 14:21:50 CEST

CVE: (none) => CVE-2018-5007, CVE-2018-5008
Whiteboard: (none) => MGA6TOO
Source RPM: (none) => flash-player-plugin

Comment 1 Marja Van Waes 2018-07-12 09:36:31 CEST 
Assigning to the registered maintainer.

CC: (none) => marja11, mrambo, smelror
Assignee: bugsquad => anssi.hannula

Comment 2 Mike Rambo 2018-07-12 15:17:49 CEST 
Updated files uploaded for Cauldron and Mageia 6.

Advisory:
========================

Updated flash-player-plugin package fixes security vulnerabilities:

* A type confusion vulnerability that could lead to arbitrary code execution (CVE-2018-5007).
* An out of bounds read that could lead to information disclosure (CVE-2018-5008).


References:
https://helpx.adobe.com/security/products/flash-player/apsb18-24.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5008
========================

Updated packages in nonfree/updates_testing:
========================
flash-player-plugin-30.0.0.134-1.mga6

from flash-player-plugin-30.0.0.134-1.mga6.src.rpm

Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Assignee: anssi.hannula => qa-bugs

Comment 3 Nicolas Salguero 2018-07-12 16:04:07 CEST 
Hi,

It seems you submitted to core/updates_testing in place of nonfree/updates_testing for Mga6.

Best regards,

Nico.
Comment 4 Dave Hodgins 2018-07-12 19:20:23 CEST 
This should be removed from Mageia 6 core updates testing and resubmitted to
nonfree updates testing.

Keywords: (none) => feedback
CC: (none) => davidwhodgins

Comment 5 Herman Viaene 2018-07-13 16:13:20 CEST 
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
All sites I regularly use don't use flash anymore. But youtube and Mr. Bean provided me with a flash movie. Works OK.

Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene

Comment 6 Dave Hodgins 2018-07-13 18:28:25 CEST 
Tested at http://www.dhs.state.il.us/accessibility/tests/flash/video.html on m6 x86_64.

Advisory committed to svn.
Validating the update.

Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Keywords: feedback => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2018-07-13 21:02:23 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0315.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.