Bug 24363 - flash-player-plugin security update 32.0.0.142
Summary: flash-player-plugin security update 32.0.0.142
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-02-15 09:33 CET by Nicolas Salguero
Modified: 2019-02-17 18:19 CET (History)
3 users (show)

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2019-7090
Status comment:


Attachments

Description Nicolas Salguero 2019-02-15 09:33:38 CET
Hi,

Version 32.0.0.142 fixes CVE-2019-7090.

References:
https://helpx.adobe.com/security/products/flash-player/apsb19-06.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7090

Best regards,

Nico.
Nicolas Salguero 2019-02-15 09:34:05 CET

Source RPM: (none) => flash-player-plugin
Assignee: bugsquad => nicolas.salguero
CVE: (none) => CVE-2019-7090

Comment 1 Nicolas Salguero 2019-02-15 09:39:51 CET
Suggested advisory:
========================

Updated flash-player-plugin package fixes a security vulnerability:

Information disclosure in the context of the current user. (CVE-2019-7090)

References:
https://helpx.adobe.com/security/products/flash-player/apsb19-06.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7090
========================

Updated packages in nonfree/updates_testing:
========================
flash-player-plugin-32.0.0.142-1.mga6

from flash-player-plugin-32.0.0.142-1.mga6.src.rpm

Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs

Nicolas Salguero 2019-02-15 11:17:23 CET

Version: Cauldron => 6

Comment 2 Thomas Andrews 2019-02-15 16:58:52 CET
Tried this in the 32-bit soon-to-be-pushed Firefox 60.5.1-1 on a Plasma system.

Package installed cleanly, and a site known to still use Flash operated normally.

Looks OK for 32-bit.

CC: (none) => andrewsfarm
Whiteboard: (none) => MGA6-32-OK

Comment 3 Thomas Andrews 2019-02-15 17:43:53 CET
Same test as Comment 2, different hardware, and 64-bit. Same results.

This is OK for 64-bit. Validating. Suggested advisory in Comment 1.

Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Dave Hodgins 2019-02-17 17:30:04 CET
Advisory committed ot svn using the actual srpm, rather then the one in comment 1,
flash-player-plugin-32.0.0.142-1.mga6.nonfree.src.rpm

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 5 Mageia Robot 2019-02-17 18:19:31 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0090.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.