Advisories » MGASA-2018-0189

Updated flash-player-plugin packages fix security vulnerability

Publication date: 01 Apr 2018
Modification date: 01 Apr 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-4919 , CVE-2018-4920

Description

It was found that flash versions older than 29.0.0.113 contained a use
after free vulnerability that could lead to remote code execution
(CVE-2018-4919).

A second vulnerability was a type confusion which could also lead to
remote code execution (CVE-2018-4920).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22767
• https://helpx.adobe.com/security/products/flash-player/apsb18-05.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4919
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4920

SRPMS

6/nonfree

• flash-player-plugin-29.0.0.113-1.mga6.nonfree