Advisories » MGASA-2018-0286

Updated flash-player-plugin packages fixes security issues

Publication date: 16 Jun 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-4945 , CVE-2018-5000 , CVE-2018-5001 , CVE-2018-5002


Updated flash-player-plugin packages fixes the following security issues

A remote attacker could possibly execute arbitrary code with the privileges
of the process or obtain sensitive information (CVE-2018-4945, 
CVE-2018-5000, CVE-2018-5001, CVE-2018-5002).

In response to a class of recently disclosed vulnerabilities in popular
CPU hardware related to data cache timing (CVE-2017-5753, CVE-2017-5715,
CVE-2017-5754), known popularly as Spectre and Meltdown, Adobe are
disabling the ‘shareable’ property of the ActionScript ByteArray class
by default. For more info see the referenced adobe release notes.