Flash plugin 0-day vulnerability in the wild

Martin Stransky stransky at redhat.com
Mon Jan 26 13:16:51 UTC 2015


On 01/26/2015 02:12 PM, Ahmad Samir wrote:
> On 26 January 2015 at 15:03, drago01 <drago01 at gmail.com> wrote:
>> On Mon, Jan 26, 2015 at 2:01 PM, Ahmad Samir <ahmadsamir3891 at gmail.com> wrote:
>>> On 26 January 2015 at 14:55, Martin Stransky <stransky at redhat.com> wrote:
>>>>
>>>>
>>>> Where have you got that? Official Adobe site [1] says the latest is
>>>> 11.2.202.438 and flash download page [2] gives me the same. I see the Ubuntu
>>>> update with .440 package but what's that?
>>>>
>>>> ma.
>>>>
>>>> [1] http://www.adobe.com/software/flash/about/
>>>> [2] https://get.adobe.com/flashplayer/
>>>
>>> flash-plugin-11.2.202.440 is available in the yum repo hosted by
>>> Adobe. But on [1] it doesn't say anything about the issue being fixed
>>> for Linux.
>>
>> Sure it does "Adobe Flash Player 11.2.202.438 and earlier versions for
>> Linux" ... 440 > 438 ...
> From https://helpx.adobe.com/security/products/flash-player/apsa15-01.html:
>
> "UPDATE (January 24): Users who have enabled auto-update for the Flash
> Player desktop runtime will be receiving version 16.0.0.296 beginning
> on January 24. This version includes a fix for CVE-2015-0311"
>
> I was thinking of something along those lines for the Linux version too.
>

Firefox does not use the 16.X line - that's the Pepper API plugin which 
runs with Chrome only.

ma.

