Debian – Is Flash Plugin Vulnerable?

Tags: adobe-flash, debian, iceweasel, plugin, security

I run Debian wheezy with Iceweasel as browser and have installed the Flash plugin similar to this description. Today I read that not only Flash on Windows and Mac but also Adobe Flash Player 11.2.202.350 and earlier versions for Linux are vulnerable to exploitation. When checking my version in Iceweasel > Tools > Add-ons I was surprised to see that it is an older version, even though I did all upgrades with apt-get.

Does Debian provide updates for the Iceweasel plugin Flash at all? Are they not automatically provided? Do I always have to manually update the plugin?

Best Answer

Does Debian provide updates for the Iceweasel plugin Flash at all? Are they not automatically provided?

The issue with Debian is when.

You can download the latest Shockwave version, 11.2.202.356 from here. Choose the .tar.gz format.

Create an empty directory, move the downloaded .tar.gz file into it and unpack:

tar -xzf install_flash_player_11_linux.x86_64.tar.gz

Which should leave you a directory tree starting with usr/, a readme.txt and a libflashplayer.so. The latter is what you are really after.

Find your current version, possibly:

find ~/.mozilla -name libflashplayer.so

You want to replace that with the one from the tarball. If it is not found, there should be a ~/.mozilla/plugins/ directory. Shut down Iceweasel and copy libflashplayer.so into that directory. Start it up and check the version again, you should be using the newest one.

You can keep the .tar.gz file but delete the rest of the stuff unpacked from within it; it is not needed.


Chrome uses its own version of the flash player that is supposedly updated with Chrome, but there doesn't seem to be another way, and my version is still 13.0.0.182 here (which is also vulnerable, the chrome "pepperplayer" versions are different). However, Chrome on Linux will pick up the ~/.mozilla/plugins one and if you navigate to chrome://plugins you'll see two under "Adobe Flash Player". The first one will probably be "Version: 13.0.0.182" and in an /opt/google/chrome directory, you can disable that and fall back on the ~/.mozilla one until it is upgraded.
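To check every copy of the plugin against the version quoted in the question (11.2.202.350 and earlier), here is an added example that is not part of the original answer. It assumes the plugin binary embeds a version marker of the form `LNX 11,2,202,350`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag NPAPI Flash plugin copies at or below the vulnerable version.
VULN_MAX="11.2.202.350"   # from the question: this version and earlier are vulnerable

# ver_le A B: succeed if dotted version A <= B, compared numerically field by field.
ver_le() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# plugin_version FILE: print the embedded version, e.g. 11.2.202.350.
# Assumption: the binary contains a marker such as "LNX 11,2,202,350".
plugin_version() {
    LC_ALL=C grep -a -o 'LNX [0-9][0-9]*,[0-9][0-9]*,[0-9][0-9]*,[0-9][0-9]*' "$1" |
        head -n 1 | sed 's/^LNX //; s/,/./g'
}

# check_plugins DIR...: report each libflashplayer.so found under the given
# directories; return 1 if any copy is vulnerable or its version is unreadable.
check_plugins() {
    find "$@" -type f -name libflashplayer.so 2>/dev/null | (
        rc=0
        while IFS= read -r f; do
            v=$(plugin_version "$f")
            if [ -z "$v" ]; then
                echo "UNKNOWN     $f"; rc=1
            elif ver_le "$v" "$VULN_MAX"; then
                echo "VULNERABLE  $v  $f"; rc=1
            else
                echo "ok          $v  $f"
            fi
        done
        exit "$rc"
    )
}

# Run against the directories given on the command line, e.g. ~/.mozilla
if [ "$#" -gt 0 ]; then check_plugins "$@"; fi
```

The threshold applies to the NPAPI plugin only; the Chrome-bundled player uses a different version line and is not covered by this check.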
