Advisories » MGASA-2018-0120

Updated flash-player-plugin packages fix security vulnerability

Publication date: 07 Feb 2018
Modification date: 07 Feb 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-4877 , CVE-2018-4878

Description

Adobe Flash Player 28.0.0.161 addresses critical use-after-free
vulnerabilities that could lead to remote code execution (CVE-2018-4877,
CVE-2018-4878). Successful exploitation could potentially allow an
attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the
wild, and is being used in limited, targeted attacks against Windows users.
These attacks leverage Office documents with embedded malicious Flash
content distributed via email.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22534
• https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4877
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4878

SRPMS

6/nonfree

• flash-player-plugin-28.0.0.161-1.mga6.nonfree