Advisories ยป MGASA-2018-0120

Updated flash-player-plugin packages fix security vulnerability

Publication date: 07 Feb 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-4877 , CVE-2018-4878

Description

Adobe Flash Player 28.0.0.161 addresses critical use-after-free
vulnerabilities that could lead to remote code execution (CVE-2018-4877,
CVE-2018-4878). Successful exploitation could potentially allow an
attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the
wild, and is being used in limited, targeted attacks against Windows users.
These attacks leverage Office documents with embedded malicious Flash
content distributed via email.
                

References

SRPMS

6/nonfree