Bug 24942 - flash-player-plugin security update 32.0.0.207
Summary: flash-player-plugin security update 32.0.0.207
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-06-11 16:48 CEST by Nicolas Salguero
Modified: 2019-06-21 03:08 CEST (History)
4 users (show)

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2019-7845
Status comment:


Attachments

Description Nicolas Salguero 2019-06-11 16:48:20 CEST
Hi,

Version 32.0.0.207 fixes CVE-2019-7845.

References:
https://helpx.adobe.com/security/products/flash-player/apsb19-30.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7845

Best regards,

Nico.
Nicolas Salguero 2019-06-11 16:49:10 CEST

Source RPM: (none) => flash-player-plugin
CVE: (none) => CVE-2019-7845
Whiteboard: (none) => MGA6TOO

Comment 1 Nicolas Salguero 2019-06-12 09:49:42 CEST
Suggested advisory:
========================

Updated flash-player-plugin package fixes a security vulnerability:

A use after free that leads to arbitrary code execution. (CVE-2019-7845)

References:
https://helpx.adobe.com/security/products/flash-player/apsb19-30.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7845
========================

Updated packages in nonfree/updates_testing:
========================
flash-player-plugin-32.0.0.207-1.mga6.nonfree

from SRPMS:
flash-player-plugin-32.0.0.207-1.mga6.nonfree.src.rpm

Status: NEW => ASSIGNED
Whiteboard: MGA6TOO => (none)
Assignee: bugsquad => qa-bugs
Version: Cauldron => 6

Comment 2 Morgan Leijström 2019-06-14 16:49:36 CEST
64 bit, Plasma, Nvidia driver
Upgraded OK.
 Using Firefox:
Flash version test OK.
Video test OK.

CC: (none) => fri

Comment 3 James Kerr 2019-06-16 10:40:59 CEST
on mga6-64  plasma

package installed cleanly:
flash-player-plugin-32.0.0.207-1.mga6.nonfree

https://helpx.adobe.com/flash-player.html
reports that I have the latest version installed

OK for mga6-64

CC: (none) => jim
Whiteboard: (none) => MGA6-64-OK

Comment 4 James Kerr 2019-06-16 10:55:03 CEST
on mga6-32  plasma  (on a vbox VM)

package installed cleanly:
- flash-player-plugin-32.0.0.207-1.mga6.nonfree.i586

https://helpx.adobe.com/flash-player.html
reports that the latest version is installed

OK for mga6-32

Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK

Comment 5 James Kerr 2019-06-16 10:58:29 CEST
Update is validated. Advisory in comment #1 needs to be uploaded to SVN

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Thomas Backlund 2019-06-21 01:43:04 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 6 Mageia Robot 2019-06-21 03:08:09 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0192.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.