Adobe has released patched versions of its Flash software for Windows, Mac and Linux in response to a security hole found in the product. If you’re a Linux user who has Flash installed, see below for how to get the update.
An Adobe Security Bulletin released just yesterday announces the availability of patched versions of its Flash software for Windows, Mac and Linux. This is in keeping with the company’s promise to continue issuing security updates even though further development of the plugin on Linux has ceased.
Users of Adobe Flash Player 184.108.40.2061 and earlier versions for Linux should update to Adobe Flash Player 220.127.116.116.
The patches address 2 separate CVEs:
These updates resolve a vulnerability that could be used to bypass the same origin policy (CVE-2014-0503).
These updates resolve a vulnerability that could be used to read the contents of the clipboard (CVE-2014-0504).
Linux users can obtain the updates by going to http://get.adobe.com/flashplayer, and downloading the appropriate package for their distribution.
I had previously installed Adobe’s adobe-linux-x86_64.repo under /etc/yum.repos.d on all my machines. As a result, I only need to do a “yum update” to have the update installed.
Here’s the text of the yum repo configuration:
    [adobe-linux-x86_64]
    name=Adobe Systems Incorporated
    baseurl=http://linuxdownload.adobe.com/linux/x86_64/
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
For a first-time install of the repo, it is highly recommended that the package be used, as it will automatically import Adobe’s GPG key.
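An added example, not from the original post or from Adobe: a small Python check that a .repo file like the one above keeps package signature checking on and that the key file it points to has actually been imported. The `[adobe-linux-x86_64]` section name, the function name and the finding strings are assumptions made for this illustration.

```python
import configparser
import os
from urllib.parse import urlparse

# Constructed sample: the settings shown in the post; the section name is assumed.
PAGE_REPO = """\
[adobe-linux-x86_64]
name=Adobe Systems Incorporated
baseurl=http://linuxdownload.adobe.com/linux/x86_64/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
"""
# Constructed weak variant: signature checking off, no key configured.
WEAK_REPO = PAGE_REPO.replace("gpgcheck=1", "gpgcheck=0").split("gpgkey=")[0]


def audit_repo_text(text, key_exists=os.path.exists):
    """Return (repo_id, finding) tuples for the text of one .repo file."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
    except configparser.MissingSectionHeaderError:
        return [("?", "missing [repo-id] section header")]
    findings = []
    for repo_id in parser.sections():
        repo = parser[repo_id]
        if repo.get("enabled", "1").strip() == "0":
            continue  # disabled repos are not used for updates
        # An unset gpgcheck inherits from yum.conf, so only an explicit 1 passes.
        if repo.get("gpgcheck", "").strip() != "1":
            findings.append((repo_id, "gpgcheck is not explicitly 1"))
        keys = repo.get("gpgkey", "").split()
        if not keys:
            findings.append((repo_id, "no gpgkey configured"))
        for key in keys:
            url = urlparse(key)
            if url.scheme == "file" and not key_exists(url.path):
                findings.append((repo_id, "key file missing: " + url.path))
            elif url.scheme == "http":
                findings.append((repo_id, "gpgkey fetched over plain http"))
        for base in repo.get("baseurl", "").split():
            if urlparse(base).scheme == "http":
                findings.append((repo_id, "plain-http baseurl, relies on gpgcheck"))
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_REPO), ("weak", WEAK_REPO)):
        for repo_id, finding in audit_repo_text(text):
            print(name, repo_id, finding)
```

To check a real machine, pass the contents of each file under /etc/yum.repos.d to `audit_repo_text`; the default `key_exists` then tests the key path on the local filesystem.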
If you happen to have any Windows machines around this might be a good time to review whether or not automatic updates should be turned on.