Flash plugin 0-day vulnerability in the wild

Ahmad Samir ahmadsamir3891 at gmail.com
Mon Jan 26 14:06:18 UTC 2015


On 26 January 2015 at 15:16, Martin Stransky <stransky at redhat.com> wrote:
> On 01/26/2015 02:12 PM, Ahmad Samir wrote:
>>
>> On 26 January 2015 at 15:03, drago01 <drago01 at gmail.com> wrote:
>>>
>>> On Mon, Jan 26, 2015 at 2:01 PM, Ahmad Samir <ahmadsamir3891 at gmail.com>
>>> wrote:
>>>>
>>>> On 26 January 2015 at 14:55, Martin Stransky <stransky at redhat.com>
>>>> wrote:
>>>>>
>>>>>
>>>>>
>>>>> Where have you got that? Official Adobe site [1] says the latest is
>>>>> 11.2.202.438 and flash download page [2] gives me the same. I see the
>>>>> Ubuntu update with .440 package but what's that?
>>>>>
>>>>> ma.
>>>>>
>>>>> [1] http://www.adobe.com/software/flash/about/
>>>>> [2] https://get.adobe.com/flashplayer/
>>>>
>>>>
>>>> flash-plugin-11.2.202.440 is available in the yum repo hosted by
>>>> Adobe. But on [1] it doesn't say anything about the issue being fixed
>>>> for Linux.
>>>
>>>
>>> Sure it does "Adobe Flash Player 11.2.202.438 and earlier versions for
>>> Linux" ... 440 > 438 ...
>>
>> From
>> https://helpx.adobe.com/security/products/flash-player/apsa15-01.html:
>>
>> "UPDATE (January 24): Users who have enabled auto-update for the Flash
>> Player desktop runtime will be receiving version 16.0.0.296 beginning
>> on January 24. This version includes a fix for CVE-2015-0311"
>>
>> I was thinking of something along those lines for the Linux version too.
>>
>
> Firefox does not use the 16.X line - that's the Pepper API plugin which runs
> with Chrome only.
>

I know that; what I meant was that I am waiting to see a similar
message about the 11.x version that's used in Linux/Firefox.

-- 
Ahmad Samir

