[arch-security] [ASA-201501-16] unpatched 0day in flash

Remi Gacogne rgacogne at archlinux.org
Fri Jan 23 13:13:19 UTC 2015


Hi,

On 01/23/2015 01:44 PM, chris.rebischke at gmail.com wrote:

> The malware researcher 'kafeine' found a 0day in Flash used by Angler EK malware.
> The CVEs:
> 
> CVE-2014-8440 
> CVE-2015-0310 
> CVE-2015-0311 <- The 0day
> 
> Current flash version in archlinux: flashplugin 11.2.202.429-1
> Is our version vulnerable too? Does somebody have some information about this?

According to the information provided by Adobe in [1], I think so.

Unfortunately there is not much information available on the issue and
no fix available as far as I know, therefore I would recommend
completely disabling the flash plugin, which might be a good idea if you
care about security anyway.

Oh, and please don't hijack an existing unrelated thread for starting a new
topic :)


[1]: http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

