Bug 23872 - flash-player-plugin security update 31.0.0.153
Summary: flash-player-plugin security update 31.0.0.153
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-11-21 09:22 CET by Nicolas Salguero
Modified: 2018-11-22 23:27 CET (History)
3 users (show)

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2018-15981
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2018-11-21 09:22:24 CET 
Hi,

Version 31.0.0.153 fixes CVE-2018-15981.

References:
https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15981

Best regards,

Nico.
Nicolas Salguero 2018-11-21 09:22:52 CET

Source RPM: (none) => flash-player-plugin
CVE: (none) => CVE-2018-15981
Whiteboard: (none) => MGA6TOO

Comment 1 Nicolas Salguero 2018-11-21 09:32:56 CET 
Suggested advisory:
========================

Updated flash-player-plugin package fixes a security vulnerability:

A critical vulnerability in Adobe Flash Player 31.0.0.148 and earlier versions.  Successful exploitation could lead to arbitrary code execution in the context of the current user. (CVE-2018-15981)

References:
https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15981
========================

Updated packages in nonfree/updates_testing:
========================
flash-player-plugin-31.0.0.153-1.mga6

from flash-player-plugin-31.0.0.153-1.mga6.src.rpm

Status: NEW => ASSIGNED
Version: Cauldron => 6
Assignee: bugsquad => qa-bugs
Whiteboard: MGA6TOO => (none)

Comment 2 Thomas Andrews 2018-11-21 19:48:14 CET 
Another one, eh? 

Package installed cleanly. Works OK in a 64-bit VirtualBox VM.

CC: (none) => andrewsfarm

Comment 3 Thomas Andrews 2018-11-21 20:27:47 CET 
On real Intel-based hardware, 64-bit Plasma system.

Package installed cleanly. Seems to work OK to run a loop on a NOAA weather radar site.
Comment 4 Thomas Andrews 2018-11-21 20:59:41 CET 
Same hardware as above, 32-bit Plasma system.

Same results. No problems noted.
Comment 5 Thomas Andrews 2018-11-21 21:05:29 CET 
On real AMD-based hardware, with a graphics card using the nvidia340 driver, on a 64-bit Plasma system.

Package installed cleanly. NOAA weather radar site works as with everything else.

Since I'm not seeing any problems on two very different sets of hardware, and in VirtualBox, I'm giving this OKs and validating. Suggested advisory in Comment 1.

Whiteboard: (none) => MGA6-32-OK MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Lewis Smith 2018-11-22 22:22:18 CET

Keywords: (none) => advisory
CC: (none) => lewyssmith

Comment 6 Mageia Robot 2018-11-22 23:27:36 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0467.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.