Adobe issued a security bulletin for their Adobe Flash Player. On APSB13-04 two CVE’s are mentioned – CVE-2013-0633 and CVE-2013-0634. Of those two, CVE-2013-0634 is the vulnerability which affects Linux users, because it is being exploited “in the wild” in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox.
There is an update available for Chrome browser (update to the latest release please) and for the Flash Player plugin for Firefox. I have a package for that flashplayer-plugin and therefore I pushed an update so that you can “safely” use Flash content again in Firefox.
Mind you – if you are using the beta Steam Client for Linux (i.e. the client for Valve Software’s gaming platform) you will have a package for that flash player because it is used to display the video content in the Steam client. If you use Steam on multilib Slackware64 then you will have a “compat32” package of that flashplayer-plugin – do not forget to update that one as well!
Packages for flashplayer-plugin 22.214.171.1240 can be obtained (and used on Slackware 13.37 and higher, and perhaps even older releases) in the following places:
- http://alien.slackbook.org/slackbuilds/flashplayer-plugin/ (the master repository), rsync URI: rsync://alien.slackbook.org/alien/slackbuilds/flashplayer-plugin/
- http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/flashplayer-plugin/ (my fast mirror), rsync URI: rsync://taper.alienbase.nl/mirrors/people/alien/slackbuilds/flashplayer-plugin/
After the package upgrade, restart Firefox and visit this website to verify that your Flash Player Plugin is indeed the correct version: http://www.adobe.com/software/flash/about/
There is yet another update to Flash available (126.96.36.1993). Here is the release info:
Many thanks for all those wonderful packages that you build for us!
Yeah I noticed on LWN.net. I had to wait until coming home from work.
Packages are being uploaded now.