Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#43563 - [flashplugin] remote code execution in <= (CVE-2015-0311)

Attached to Project: Arch Linux
Opened by TuX (TuxLyn) - Sunday, 25 January 2015, 07:12 GMT
Last edited by Evangelos Foutras (foutrelis) - Monday, 26 January 2015, 18:03 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Ionut Biru (wonder)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No
This task depends upon

Closed by  Evangelos Foutras (foutrelis)
Monday, 26 January 2015, 18:03 GMT
Reason for closing:  Fixed
Additional comments about closing:  flashplugin
Comment by TuX (TuxLyn) - Sunday, 25 January 2015, 07:13 GMT
Best workaround for now is to simply uninstall flashplugin.
Comment by Doug Newgard (Scimmia) - Sunday, 25 January 2015, 18:00 GMT is vulnerable as well.
Comment by Martin Schnitkemper (Martin-MS) - Sunday, 25 January 2015, 18:30 GMT
Flash Player has been released:
Comment by TuX (TuxLyn) - Monday, 26 January 2015, 14:33 GMT
Workaround: Install flash plugin manually on top of already installed version.

Download for 64bit:
Download for 32bit:
Extract Archive: tar xvzf install_flash_player_11_linux.x86_64.tar.gz

Copy files:
cp install_flash_player_11_linux.x86_64/ /usr/lib/mozilla/plugins/
cp install_flash_player_11_linux.x86_64/usr/bin/flash-player-properties /usr/bin/flash-player-properties

Tested and Works :-) At least until we have new package in official repository.