Updated flash-player-plugin packages fixes security issues
Publication date: 16 Jun 2018Modification date: 16 Jun 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-4945 , CVE-2018-5000 , CVE-2018-5001 , CVE-2018-5002
Description
Updated flash-player-plugin packages fixes the following security issues A remote attacker could possibly execute arbitrary code with the privileges of the process or obtain sensitive information (CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002). In response to a class of recently disclosed vulnerabilities in popular CPU hardware related to data cache timing (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754), known popularly as Spectre and Meltdown, Adobe are disabling the ‘shareable’ property of the ActionScript ByteArray class by default. For more info see the referenced adobe release notes.
References
- https://bugs.mageia.org/show_bug.cgi?id=23175
- https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
- https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002
SRPMS
6/nonfree
- flash-player-plugin-30.0.0.113-1.mga6.nonfree