Flash plugin 0-day vulnerability in the wild
Ahmad Samir
ahmadsamir3891 at gmail.com
Tue Jan 27 18:42:16 UTC 2015
On 26 January 2015 at 15:17, Martin Stransky <stransky at redhat.com> wrote:
> On 01/26/2015 02:03 PM, drago01 wrote:
>>
>> On Mon, Jan 26, 2015 at 2:01 PM, Ahmad Samir <ahmadsamir3891 at gmail.com>
>> wrote:
>>>
>>> On 26 January 2015 at 14:55, Martin Stransky <stransky at redhat.com> wrote:
>>>>
>>>>
>>>>
>>>> Where have you got that? Official Adobe site [1] says the latest is
>>>> 11.2.202.438 and flash download page [2] gives me the same. I see the
>>>> Ubuntu
>>>> update with .440 package but what's that?
>>>>
>>>> ma.
>>>>
>>>> [1] http://www.adobe.com/software/flash/about/
>>>> [2] https://get.adobe.com/flashplayer/
>>>
>>>
>>> flash-plugin-11.2.202.440 is available in the yum repo hosted by
>>> Adobe. But on[1] it doesn't say anything about the issue being fixed
>>> for Linux.
>>
>>
>> Sure it does "Adobe Flash Player 11.2.202.438 and earlier versions for
>> Linux" ... 440 > 438 ...
>>
>
> There's no official confirmation of the fix of the CVE-2015-0311 in 440 yet,
> you can only assume that.
>
They've finally updated[1], it's official now that flash 11.2.202.440
includes the fix for CVE-2015-0311.
[1]http://helpx.adobe.com/security/products/flash-player/apsb15-03.html
--
Ahmad Samir
More information about the devel
mailing list