On Fri, 08 Apr 2016 13:42:03 +0200 Petter Reinholdtsen <[email protected]> wrote: > Package: flashplugin-nonfree > Version: 1:3.6.1 > > According to > <URL: > https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1019.html > > Ubuntu is affected by CVE-2016-1019: > > Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to > cause a denial of service (application crash) or possibly execute > arbitrary code via unspecified vectors, as exploited in the wild in > April 2016. > > Is Debian affected too? I was unable to find any conclusive answer, so > I thought it best to ask here. > <URL: https://security-tracker.debian.org/tracker/CVE-2016-1019 > > so far only notes 'check', which I suspect mean it need to be manually > verified by someone. Did you verify it? > > -- > Happy hacking > Petter Reinholdtsen > >
Yes, of course. Like every other Linux flavour where you install the Adobe Flashplayer. Look here: https://helpx.adobe.com/security/products/flash-player/apsb16-10.html Affected Versions Product Affected Versions Platform Adobe Flash Player for Linux 11.2.202.577 and earlier Linux Solution Product Updated Versions Platform Priority rating Availability Adobe Flash Player for Linux 11.2.202.616 Linux 3 Flash Player Download Center Priority 3 means This update resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion. Since https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814316 is solved, we can finally do this. Regards äxl
