Adobe has released an update for the flash plugin that will fix the bug that came to light in the hackingteam incident. According to the advisory affected are "Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux". The Download page has the newer version 11.2.202.481 for Linux systems. Please bump.
Thanks for the report, this is also discussed in - http://www.kb.cert.org/vuls/id/561288 - http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-flash-zero-day-integrated-into-exploit-kits/ - http://www.symantec.com/connect/blogs/leaked-flash-zero-day-likely-be-exploited-attackers
Arch teams, please test and mark stable: =www-plugins/adobe-flash-11.2.202.481 Targeted stable KEYWORDS : amd64 x86
Stable for AMD64 x86.
CVE-2015-5119 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5119): Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a ValueOf function, as exploited in the wild in July 2015.
glsa request filed
This issue was resolved and addressed in GLSA 201507-13 at https://security.gentoo.org/glsa/201507-13 by GLSA coordinator Kristian Fiskerstrand (K_F).
