Security Advisory for Adobe Flash Player

Release date: January 22, 2015
Vulnerability identifier: APSA15-01
CVE number: CVE-2015-0311
Platform: All Platforms

Summary

A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below.

Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26.

Affected software versions

Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh
Adobe Flash Player 13.0.0.262 and earlier 13.x versions
Adobe Flash Player 11.2.202.438 and earlier versions for Linux

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Severity ratings

Adobe categorizes this as a critical vulnerability.
There is a new version out there but versioned tarballs have not yet been made available. https://www.adobe.com/products/flashplayer/distribution3.html
Meanwhile, the privileged people at Canonical get early access: http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_11.2.202.440.orig.tar.gz
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.440
Targeted stable KEYWORDS : amd64 x86
CVE-2015-0311 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0311): Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
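The affected ranges quoted in this bug can be checked mechanically. The following is an added example, not part of the original bug or of Gentoo or Adobe tooling: it classifies a Flash Player version against those ranges and pulls the version out of a package atom. The function names and the platform labels "desktop" and "linux" are assumptions made for the example, and the 13.x ceiling is applied to Windows and OS X as in the NVD text.

```python
import re

# Highest affected build per platform, as quoted on this page.
MAX_AFFECTED = {
    "desktop": (16, 0, 0, 287),  # Windows and Macintosh / OS X
    "linux": (11, 2, 202, 438),
}
# The 13.x branch has its own ceiling on the desktop platforms.
MAX_AFFECTED_13X = (13, 0, 0, 262)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", re.ASCII)


def parse_version(text):
    """Turn '11.2.202.440' into (11, 2, 202, 440); reject anything else."""
    match = VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"not a four-part Flash Player version: {text!r}")
    return tuple(int(part) for part in match.groups())


def version_from_atom(atom):
    """Extract the version from an atom like '=www-plugins/adobe-flash-11.2.202.440'."""
    match = re.search(r"adobe-flash-(\d+\.\d+\.\d+\.\d+)", atom, re.ASCII)
    if match is None:
        raise ValueError(f"no adobe-flash version in atom: {atom!r}")
    return match.group(1)


def is_affected(version_text, platform):
    """True if the version is inside a range this page lists as affected."""
    if platform not in MAX_AFFECTED:
        raise ValueError(f"unknown platform: {platform!r}")
    version = parse_version(version_text)
    # A 13.x build is compared against the 13.x ceiling, not the 16.x one.
    if platform == "desktop" and version[0] == 13:
        return version <= MAX_AFFECTED_13X
    return version <= MAX_AFFECTED[platform]


if __name__ == "__main__":
    # Constructed sample inputs; only the atom comes from this bug.
    samples = [
        (version_from_atom("=www-plugins/adobe-flash-11.2.202.440"), "linux"),
        ("11.2.202.438", "linux"),
        ("16.0.0.287", "desktop"),
        ("13.0.0.262", "desktop"),
    ]
    for version, platform in samples:
        state = "affected" if is_affected(version, platform) else "not listed as affected"
        print(f"{platform:8} {version:14} {state}")
```

A False result only means the version is outside the ranges listed here; it says nothing about other advisories.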
both arches are stable
Added to existing glsa draft.
This issue was resolved and addressed in GLSA 201502-02 at http://security.gentoo.org/glsa/glsa-201502-02.xml by GLSA coordinator Mikle Kolyada (Zlogene).