Patch

Adobe Flash Player 20.0.0.235 released

Adobe has announced the release of Adobe Flash Player 20.0.0.235 security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11.

OpenSSL Vulnerabilities Critical Patch released by Canonical

Canonical recently released a critical security patch for OpenSSL Vulnerabilities. This release addresses an openssl – Secure Socket Layer (SSL) cryptographic library and tools and its affects the following releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Details: Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.