Adobe Flash Player 126.96.36.1996 contains fixes to important vulnerabilities found in earlier versions that could allow a remote attacker to bypass security restrictions or to access sensitive information.
This update resolves a vulnerability that could be used to bypass the same origin policy (CVE-2014-0503).
This update resolves a vulnerability that could be used to read the contents of the clipboard (CVE-2014-0504).
Uploaded to mga3+mga4 nonfree/updates_testing:
P.S. This is the first time I remember Adobe issuing a Flash update classified as only Important instead of Critical... (this is because the security issues do not allow a remote takeover as usual).
No PoC. Tested general use mga4-64.
Played Youtube videos, and a flash game. changed settings in KDE panel, all OK.
Will test mga3-64 momentarily. Someone else will have to pick up mga3 and 4 32. I have an older AMD processor and newer flash updates don't work on my 32-bit system.
I'll do both 32bit now.
Tested mga3-64 as above, all OK.
MGA3TOO mga4-64-ok =>
MGA3TOO mga4-64-ok mga3-64-ok
Testing complete mga3 32 & mga4 32
Advisory uploaded. Validating.
Could sysadmin please push to 3 & 4 nonfree updates
MGA3TOO mga4-64-ok mga3-64-ok =>
MGA3TOO has_procedure advisory mga3-32-ok mga4-32-ok mga4-64-ok mga3-64-okCC: