Module submission - flash-plugin
sofar at foo-projects.org
Wed Sep 13 00:38:52 UTC 2006
Zbigniew Luszpinski wrote:
> module name : flash-plugin
> suggested section : web
> update (y/n) : y
> bugfix (y/n) : n
> security (y/n) : y
> Critical vulnerabilities have been identified in Flash Player 220.127.116.11 and
> earlier versions that could allow an attacker who successfully exploits these
> vulnerabilities to take control of the affected system. A malicious SWF file
> must be loaded in Flash Player by the end user for an attacker to exploit
> these vulnerabilities. It is recommended that users update to the most
> current version of Flash Player available for their platform.
> Platform: All Platforms
> Vulnerability Identifier: APSB06-11
> CVE Number: CVE-2006-3014, CVE-2006-3311, CVE-2006-3587, CVE-2006-3588,
> Lunar release notes:
> +updated to safe r68 release
> +fixed web site link
> If you installed this patch and module installer reports wrong checksum:
> -disable http proxy and caching in lunar settings before lining.
> Checksum is good, but lin/lget downloads old unsecure flash plugin if
> proxy/caching is enabled (on my machine, YMMV).
A "fix" would be to add "CLEAR_CACHE=on" to this module, because the name
doesn't change. Not nice towards macromedia's download site, but they suck anyway.
More information about the Lunar