Bug 25429 - flash-player-plugin security update 32.0.0.255
Summary: flash-player-plugin security update 32.0.0.255
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA6TOO MGA6-64-OK MGA7-64-OK
Keywords: advisory, validated_update
 
Reported: 2019-09-12 08:50 CEST by Nicolas Salguero
Modified: 2019-09-12 22:02 CEST

Source RPM: flash-player-plugin
CVE: CVE-2019-8069, CVE-2019-8070



Description Nicolas Salguero 2019-09-12 08:50:40 CEST
Hi,

Version 32.0.0.255 fixes CVE-2019-8069 and CVE-2019-8070.

References:
https://helpx.adobe.com/security/products/flash-player/apsb19-46.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8070

Best regards,

Nico.
Nicolas Salguero 2019-09-12 08:51:12 CEST

Whiteboard: (none) => MGA7TOO, MGA6TOO
CVE: (none) => CVE-2019-8069, CVE-2019-8070
Source RPM: (none) => flash-player-plugin

Comment 1 Nicolas Salguero 2019-09-12 09:17:09 CEST
Suggested advisory:
========================

Updated flash-player-plugin package fixes security vulnerabilities:

Same origin method execution that leads to arbitrary code execution in the context of the current user. (CVE-2019-8069)

Use after free that leads to arbitrary code execution in the context of the current user. (CVE-2019-8070)

References:
https://helpx.adobe.com/security/products/flash-player/apsb19-46.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8070
========================

Updated packages in nonfree/updates_testing:
========================
flash-player-plugin-32.0.0.255-1.mga[67].nonfree

from SRPMS:
flash-player-plugin-32.0.0.255-1.mga[67].nonfree.src.rpm

Status: NEW => ASSIGNED
Whiteboard: MGA7TOO, MGA6TOO => MGA6TOO
Version: Cauldron => 7
Assignee: bugsquad => qa-bugs

Comment 2 Len Lawrence 2019-09-12 11:48:36 CEST
mga6, x86_64

Clean update.
Visited the community section of the Adobe site and found a few animations which looked fine.

Whiteboard: MGA6TOO => MGA6TOO MGA6-64-OK
CC: (none) => tarazed25

Comment 3 Thomas Andrews 2019-09-12 16:25:33 CEST
MGA7, Plasma, x86_64.

As with MGA6, a clean update. Visited the U.S. National Weather Service Doppler Radar at Binghamton, NY site, and ran an enhanced loop. With flash activated, the loop wouldn't run, but when activated it did. Looks good, except that rain is headed my way.

Validating. Advisory in Comment 1.

Whiteboard: MGA6TOO MGA6-64-OK => MGA6TOO MGA6-64-OK MGA7-64-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2019-09-12 18:43:47 CEST

Keywords: (none) => advisory
CC: (none) => tmb

Comment 4 Mageia Robot 2019-09-12 22:02:02 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0273.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

