Bug 23841 - flash-player-plugin security update 31.0.0.148
Summary: flash-player-plugin security update 31.0.0.148
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-11-14 09:10 CET by Nicolas Salguero
Modified: 2018-11-15 23:05 CET (History)
2 users (show)

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2018-15978
Status comment:


Attachments

Description Nicolas Salguero 2018-11-14 09:10:21 CET
Hi,

Version 31.0.0.148 fixes CVE-2018-15978.

References:
https://helpx.adobe.com/security/products/flash-player/apsb18-39.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15978

Best regards,

Nico.
Nicolas Salguero 2018-11-14 09:10:43 CET

Whiteboard: (none) => MGA6TOO
CVE: (none) => CVE-2018-15978
Source RPM: (none) => flash-player-plugin

Comment 1 Nicolas Salguero 2018-11-14 09:30:29 CET
Suggested advisory:
========================

Updated flash-player-plugin package fixes a security vulnerability:

An important vulnerability in Adobe Flash Player 31.0.0.122 and earlier versions.  Successful exploitation could lead to information disclosure. (CVE-2018-15978)

References:
https://helpx.adobe.com/security/products/flash-player/apsb18-39.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15978
========================

Updated packages in nonfree/updates_testing:
========================
flash-player-plugin-31.0.0.148-1.mga6

from flash-player-plugin-31.0.0.148-1.mga6.src.rpm

Status: NEW => ASSIGNED
Version: Cauldron => 6
Assignee: bugsquad => qa-bugs
Whiteboard: MGA6TOO => (none)

Comment 2 Dave Hodgins 2018-11-15 22:28:46 CET
Tested with http://get.adobe.com/flashplayer/about/ in opera 12.16, firefox, etc.

Confirmed it's in nonfree where it should be with ...
$ urpmq -i flash-player-plugin|grep ^Source|sort -uV|tail -n 1
Source RPM  : flash-player-plugin-31.0.0.148-1.mga6.nonfree.src.rpm
so using corrected srpm in advisory.
Advisory committed to svn.
Validating the update.

Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA6-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Mageia Robot 2018-11-15 23:05:47 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0453.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.