MGASA-2018-0286

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0286.html

Import Source

https://advisories.mageia.org/MGASA-2018-0286.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2018-0286

Related

Published

2018-06-16T09:28:36Z

Modified

2026-02-02T05:49:30.076893Z

Summary

Updated flash-player-plugin packages fixes security issues

Details

Updated flash-player-plugin packages fixes the following security issues

A remote attacker could possibly execute arbitrary code with the privileges of the process or obtain sensitive information (CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002).

In response to a class of recently disclosed vulnerabilities in popular CPU hardware related to data cache timing (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754), known popularly as Spectre and Meltdown, Adobe are disabling the ‘shareable’ property of the ActionScript ByteArray class by default. For more info see the referenced adobe release notes.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / flash-player-plugin

Package

Name: flash-player-plugin
Purl: pkg:rpm/mageia/flash-player-plugin?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

30.0.0.113-1.mga6.nonfree

Ecosystem specific

{
    "section": "nonfree"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2018-0286.json"