FS#43563 - [flashplugin] remote code execution in <= 11.2.202.438 (CVE-2015-0311)

Attached to Project: Arch Linux
Opened by TuX (TuxLyn) - Sunday, 25 January 2015, 07:12 GMT
Last edited by Evangelos Foutras (foutrelis) - Monday, 26 January 2015, 18:03 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Ionut Biru (wonder)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No
This task depends upon

Closed by  Evangelos Foutras (foutrelis)
Monday, 26 January 2015, 18:03 GMT
Reason for closing:  Fixed
Additional comments about closing:  flashplugin 11.2.202.440-1
Comment by TuX (TuxLyn) - Sunday, 25 January 2015, 07:13 GMT
Best workaround for now is to simply uninstall flashplugin.
Comment by Doug Newgard (Scimmia) - Sunday, 25 January 2015, 18:00 GMT
11.2.202.438 is vulnerable as well.
Comment by Martin Schnitkemper (Martin-MS) - Sunday, 25 January 2015, 18:30 GMT
Flash Player 11.2.202.440 has been released: http://www.adobe.com/products/flashplayer/distribution3.html
Comment by TuX (TuxLyn) - Monday, 26 January 2015, 14:33 GMT
Workaround: Install flash plugin manually on top of already installed version.

Download for 64bit: http://fpdownload.macromedia.com/get/flashplayer/current/licensing/linux/install_flash_player_11_linux.x86_64.tar.gz
Download for 32bit: http://fpdownload.macromedia.com/get/flashplayer/current/licensing/linux/install_flash_player_11_linux.i386.tar.gz
Extract Archive: tar xvzf install_flash_player_11_linux.x86_64.tar.gz

Copy files:
cp install_flash_player_11_linux.x86_64/libflashplayer.so /usr/lib/mozilla/plugins/
cp install_flash_player_11_linux.x86_64/usr/bin/flash-player-properties /usr/bin/flash-player-properties

Tested and Works :-) At least until we have new package in official repository.

Loading...