[arch-security] [ASA-201501-16] unpatched 0day in flash
Remi Gacogne
rgacogne at archlinux.org
Fri Jan 23 13:13:19 UTC 2015
Hi,
On 01/23/2015 01:44 PM, chris.rebischke at gmail.com wrote:
> The malware researcher 'kafeine' found an 0day in Flash used by Angler EK malware.
> The CVEs:
>
> CVE-2014-8440
> CVE-2015-0310
> CVE-2015-0311 <- The 0day
>
> Actual Version flash version in archlinux: flashplugin 11.2.202.429-1
> Is our version vulnerable too? Have somebody some information about this?
According to the information provided by Adobe in [1], I think so.
Unfortunately there is not much information available on the issue and
no fix available as far as I know, therefore I would recommend
completely disabling the flash plugin, which might be a good idea if you
care about security anyway.
Oh and please don't hijack existing unrelated thread for starting a new
topic :)
[1]: http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20150123/164ace9e/attachment.asc>
More information about the arch-security
mailing list