Module submission - flash-plugin

Auke Kok sofar at
Wed Sep 13 00:38:52 UTC 2006

Zbigniew Luszpinski wrote:
> module name       : flash-plugin
> suggested section : web
> update (y/n)      : y
> bugfix (y/n)      : n
> security (y/n)    : y
> Critical vulnerabilities have been identified in Flash Player and 
> earlier versions that could allow an attacker who successfully exploits these 
> vulnerabilities to take control of the affected system. A malicious SWF file 
> must be loaded in Flash Player by the end user for an attacker to exploit 
> these vulnerabilities. It is recommended that users update to the most 
> current version of Flash Player available for their platform.
> Platform: All Platforms
> Vulnerability Identifier: APSB06-11
> CVE Number: CVE-2006-3014, CVE-2006-3311, CVE-2006-3587, CVE-2006-3588, 
> CVE-2006-4640
> Lunar release notes:
> +updated to safe r68 release
> +fixed web site link
> Warning!
> If you installed this patch and module installer reports wrong checksum:
> -disable http proxy and caching in lunar settings before lining.
> Checksum is good, but lin/lget downloads old unsecure flash plugin if 
> proxy/caching is enabled (on my machine, YMMV).


A "fix" would be to add "CLEAR_CACHE=on" to this module, because the name 
doesn't change. Not nice towards macromedia's download site, but they suck anyway.


More information about the Lunar mailing list